Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3270

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2008-3270
Last Modified 21 Aug 2010 01:22:18
Published 18 Aug 2008 01:41:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2008-3270

Summary

yum-rhn-plugin in Red Hat Enterprise Linux (RHEL) 5 does not verify the SSL certificate for a file download from a Red Hat Network (RHN) server, which makes it easier for remote man-in-the-middle attackers to cause a denial of service (loss of updates) or force the download and installation of official Red Hat packages that were not requested.

Vulnerable Systems

Operating System

  • Redhat Enterprise Linux 5.0


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=457113

BID - 30695

REDHAT - RHSA-2008:0815

SECTRACK - 1020698

SECUNIA - 31472


Last Updated: 27 May 2016 10:48:08