SuSE sdb Arbitrary Command Execution...

Published: 2001-08-02
Revised: 2025-04-13

An input validation error exists in sdb, the SuSE Support Data Base. The problem is in the sdbsearch.cgi script, which takes data directly from the 'Referer' header field of an HTTP request and uses it as a path when opening its "keylist.txt" file. The keylist file contains a list of keywords and associated files, which are opened using Perl's open() function. If an attacker is able to create a malicious "keylist.txt" file on a vulnerable host, it may be possible for the attacker to cause arbitrary commands to be executed by the sdbsearch.cgi script.
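The following Perl sketch is an added example of the hardened pattern, not code from sdbsearch.cgi or from SuSE: the keylist path is a server-side constant instead of a value derived from the Referer header, file names read from the keylist are validated, and files are opened with the three-argument form of open(). The directory `/srv/sdb`, the "keyword filename" keylist layout, and all function names are assumptions.

```perl
#!/usr/bin/perl
# Added illustration, not the sdbsearch.cgi source. $SDB_ROOT and the
# "keyword filename" keylist layout are assumptions made for this example.
use strict;
use warnings;
use File::Spec;

my $SDB_ROOT = '/srv/sdb';    # hypothetical fixed data directory

# The keylist location is a server-side constant. $ENV{HTTP_REFERER} is
# client-supplied and is never used to build a path.
sub keylist_path { return File::Spec->catfile($SDB_ROOT, 'keylist.txt') }

# Accept only a plain file name: no directory separators, whitespace,
# or characters that 2-argument open() would treat as a mode or pipe.
sub safe_name {
    my ($name) = @_;
    return unless defined $name;
    return $name =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,127})\z/ ? $1 : undef;
}

# Parse keylist lines from an already-open handle, dropping bad entries.
sub load_keylist {
    my ($fh) = @_;
    my (%files, @rejected);
    while (my $line = <$fh>) {
        chomp $line;
        next if $line =~ /\A\s*\z/;
        my ($keyword, $file) = split ' ', $line, 2;
        my $clean = safe_name($file);
        if (defined $clean) { $files{$keyword} = $clean }
        else                { push @rejected, $keyword }
    }
    return (\%files, \@rejected);
}

# Open a listed file for reading. The 3-argument form with an explicit
# '<' mode treats the path purely as a file name.
sub open_listed_file {
    my ($name) = @_;
    my $clean = safe_name($name);
    return unless defined $clean;
    open(my $fh, '<', File::Spec->catfile($SDB_ROOT, $clean)) or return;
    return $fh;
}

# Constructed sample keylist, read from memory so the demo runs offline.
my $sample = "boot faq_boot.html\nnet ../../tmp/net.html\nprint >spool.html\n";
open(my $in, '<', \$sample) or die "in-memory open failed: $!";
my ($files, $rejected) = load_keylist($in);
print "accepted: $_ -> $files->{$_}\n" for sort keys %$files;
print "rejected: $_\n" for @$rejected;
```

In a deployed script, `load_keylist` would be given a handle opened on `keylist_path()` in the same three-argument form.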

Exploits/PoCs currently listed: 1
Affected product entries currently listed: 0