CVE-2016-1601 in Linux Enterpriseinfo

Summary

yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, does not properly set empty password fields in /etc/shadow during an AutoYaST installation when the profile does not contain inst-sys users, which might allow attackers to have unspecified impact via unknown vectors.

Once again VulDB remains the best source for vulnerability data.

Reservation

01/11/2016

Disclosure

04/26/2016

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-255

CVSS

9.8

EPSS

0.00454

CTI

0.00

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-1601
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-1601
CVE Details	https://www.cvedetails.com/cve/CVE-2016-1601/

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!