Arbitrary Command Execution Vulnerabilities in obs-service-extract_file Package

Arbitrary Command Execution Vulnerabilities in obs-service-extract_file Package

CVE-2016-4007 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options."

Learn more about our Cis Benchmark Audit For Suse Linux Enterprise Server.