SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readable permissions for the secret keys, which allows local users to gain privileges via unspecified vectors.Referenceshttps://www.suse.com/support/update/announcement/2013/suse-su-20131813-1.htmlhttps://bugzilla.novell.com/show_bug.cgi?id=852101https://exchange.xforce.ibmcloud.com/vulnerabilities/89897http://osvdb.org/100652
