Description
The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a .config file with world readable permissions, which allows a local attacker in the dialout group to access login and password information.
Product(s):
- SuSE SuSE Linux
- SuSE SuSE Linux 1.0
- Novell SUSE Linux 10.0
- Novell SUSE Linux 10.1
- Suse Suse Linux 10.1 Ppc Edition
- Suse Suse Linux 10.1 X86 Edition
- Suse Suse Linux 10.1 X86 64 Edition
- Suse Suse Linux 10 Service Pack 1 Enterprise Desktop Edition
- Suse Suse Linux 10 Service Pack 1 Enterprise Server Edition
- SuSE SuSE Linux 2.0
- SuSE SuSE Linux 3.0
- SuSE SuSE Linux 4.0
- SuSE SuSE Linux 4.2
- SuSE SuSE Linux 4.3
- SuSE SuSE Linux 4.4.1
- SuSE SuSE Linux 4.4
- SuSE SuSE Linux 5.0
- SuSE SuSE Linux 5.1
- SuSE SuSE Linux 5.2
- SuSE SuSE Linux 5.3
- SuSE SuSE Linux 6.0
- SuSE SuSE Linux 6.1
- SuSE SuSE Linux 6.1 alpha
- SuSE SuSE Linux 6.2
- SuSE SuSE Linux 6.3
- SuSE SuSE Linux 6.3 alpha
- SuSE SuSE Linux 6.4
- SuSE SuSE Linux 6.4 alpha
- SuSE SuSE Linux 7.0
- SuSE SuSE Linux 7.0 alpha
- SuSE SuSE Linux 7.1
- SuSE SuSE Linux 7.1 alpha
- SuSE SuSE Linux 7.2
- SuSE SuSE Linux 7.3
- SuSE SuSE Linux 8.0
- SuSE SuSE Linux 8.0 alpha
- SuSE SuSE Linux 8.1
- SuSE SuSE Linux 8.2
- SuSE SuSE Linux 9.0
- Suse Suse Linux 9.0 Enterprise Server Edition
- SuSE SuSE Linux 9.1
- SuSE SuSE Linux 9.2
- SuSE SuSE Linux 9.3
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2000-0361, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2000-0361 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.