CVE-2008-3270 - OpenCVE

yum-rhn-plugin in Red Hat Enterprise Linux (RHEL) 5 does not verify the SSL certificate for a file download from a Red Hat Network (RHN) server, which makes it easier for remote man-in-the-middle attackers to cause a denial of service (loss of updates) or force the download and installation of official Red Hat packages that were not requested.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:H/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Enterprise Linux

Configuration 1 [-]

cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*

References

Link	Resource
http://secunia.com/advisories/31472
http://securitytracker.com/id?1020698
http://www.redhat.com/support/errata/RHSA-2008-0815.html
http://www.securityfocus.com/bid/30695
https://bugzilla.redhat.com/show_bug.cgi?id=457113
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10864

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2008-08-18T17:15:00

Updated: 2017-09-28T12:57:01

Reserved: 2008-07-24T00:00:00

Link: CVE-2008-3270

JSON object: View

NVD Information

Status : Modified

Published: 2008-08-18T17:41:00.000

Modified: 2017-09-29T01:31:36.477

Link: CVE-2008-3270

JSON object: View

Redhat Information

No data.

CWE

CWE-310

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "yum-rhn-plugin in Red Hat Enterprise Linux (RHEL) 5 does not verify the SSL certificate for a file download from a Red Hat Network (RHN) server, which makes it easier for remote man-in-the-middle attackers to cause a denial of service (loss of updates) or force the download and installation of official Red Hat packages that were not requested."}, {"lang": "es", "value": "yum-rhn-plugin en Red Hat Enterprise Linux (RHEL) 5 no verifica el certificado SSL para un archivo descargado de un servidor Red Hat Network (RHN), lo que facilita a atacantes man-in-the-middle (hombre en el medio) remotos provocar una denegaci\u00f3n de servicio (p\u00e9rdida de actualizaciones) o forzar la descarga e instalaci\u00f3n de paquetes Red Hat oficiales que no fueron solicitados."}], "id": "CVE-2008-3270", "lastModified": "2017-09-29T01:31:36.477", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-08-18T17:41:00.000", "references": [{"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31472"}, {"source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1020698"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-0815.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/30695"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457113"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10864"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}