Code Injection Vulnerability in SUSE Linux Enterprise Server and Desktop Supportconfig Tool

Code Injection Vulnerability in SUSE Linux Enterprise Server and Desktop Supportconfig Tool

CVE-2016-1602 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root).

Learn more about our Cis Benchmark Audit For Desktop Software.