zypp-refresh-patches wrapper XML Repository Corruption Weakness
BID:30293
Info
zypp-refresh-patches wrapper XML Repository Corruption Weakness
| Bugtraq ID: | 30293 |
| Class: | Design Error |
| CVE: |
CVE-2008-3187 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 18 2008 12:00AM |
| Updated: | Jul 21 2008 10:08PM |
| Credit: | This issue was disclosed in a SUSE Linux security advisory. |
| Vulnerable: |
S.u.S.E. openSUSE 11.0 S.u.S.E. openSUSE 10.3 S.u.S.E. openSUSE 10.2 |
| Not Vulnerable: | |
Discussion
zypp-refresh-patches wrapper XML Repository Corruption Weakness
The 'zypp-refresh-patches' wrapper is prone to a weakness that may allow attackers to corrupt XML repositories.
Successfully exploiting this weakness may prevent victims from updating applications or from downloading new packages; other attacks are also possible.
The 'zypp-refresh-patches' wrapper is prone to a weakness that may allow attackers to corrupt XML repositories.
Successfully exploiting this weakness may prevent victims from updating applications or from downloading new packages; other attacks are also possible.
Exploit / POC
zypp-refresh-patches wrapper XML Repository Corruption Weakness
An attacker can exploit this issue by injecting a malicious repository key into an HTTP request.
An attacker can exploit this issue by injecting a malicious repository key into an HTTP request.
Solution / Fix
zypp-refresh-patches wrapper XML Repository Corruption Weakness
Solution:
Updates are available to address this issue. Please see the references for more information.
Solution:
Updates are available to address this issue. Please see the references for more information.
References
zypp-refresh-patches wrapper XML Repository Corruption Weakness
References:
References:
- S.u.S.E. Homepage (S.u.S.E.)