Rug SSL Certificates Man In The Middle Vulnerability
BID:18193
CVE-2006-2703 |Info
Rug SSL Certificates Man In The Middle Vulnerability
| Bugtraq ID: | 18193 |
| Class: | Design Error |
| CVE: |
CVE-2006-2703 |
| Remote: | Yes |
| Local: | No |
| Published: | May 31 2006 12:00AM |
| Updated: | Jun 01 2006 04:42PM |
| Credit: | Reported by the vendor. |
| Vulnerable: |
SuSE Linux Enterprise Server 9 S.u.S.E. Novell Linux Desktop 9.0 |
| Not Vulnerable: | |
Discussion
Rug SSL Certificates Man In The Middle Vulnerability
The rug utility is prone to a man-in-the-middle vulnerability. This issue likely arises due to a design error.
An attacker may exploit this issue to gain access to sensitive contents of encrypted network traffic between the rug client and a server. Depending on the type of information that is disclosed, this issue may lead to other attacks as well.
Note that attackers may be able to exploit this issue from outside the firewall protecting an affected rug client, but firewall protection may make a successful exploit more difficult.
The rug utility is prone to a man-in-the-middle vulnerability. This issue likely arises due to a design error.
An attacker may exploit this issue to gain access to sensitive contents of encrypted network traffic between the rug client and a server. Depending on the type of information that is disclosed, this issue may lead to other attacks as well.
Note that attackers may be able to exploit this issue from outside the firewall protecting an affected rug client, but firewall protection may make a successful exploit more difficult.
Exploit / POC
Rug SSL Certificates Man In The Middle Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution / Fix
Rug SSL Certificates Man In The Middle Vulnerability
Solution:
SUSE has released an advisory (SUSE-SA:2006:029) including fixes to address this issue. Please see the referenced advisory for more information.
Solution:
SUSE has released an advisory (SUSE-SA:2006:029) including fixes to address this issue. Please see the referenced advisory for more information.
References
Rug SSL Certificates Man In The Middle Vulnerability
References:
References: