Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3187

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-3187
Last Modified 26 Nov 2012 10:48:47
Published 21 Jul 2008 12:41:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3187

Summary

zypp-refresh-patches in zypper in SUSE openSUSE 10.2, 10.3, and 11.0 does not ask the user before accepting repository keys, which allows remote repositories to cause a denial of service (package data corruption) via a spoofed key.

Vulnerable Systems

Application

  • Opensuse Zypper 10.2

  • Opensuse Zypper 10.3

  • Opensuse Zypper 11.0


References

SUSE - SUSE-SR:2008:015

XF - zypper-zypprefreshpatches-dos(43922)

BID - 30293

SECUNIA - 31167


Last Updated: 27 May 2016 10:58:30