SuSE Update For Openwsman SUSE-SA:2008:041 Network Vulnerability

Impact

remote code execution

Solution

Please Install the Updated Packages.

Insight

The openwsman project provides an implementation of the Web Service Management specification. The SuSE Security-Team has found two critical issues in the code: - two remote buffer overflows while decoding the HTTP basic authentication header CVE-2008-2234 - a possible SSL session replay attack affecting the client (depending on the configuration) CVE-2008-2233 Both issues were fixed.

Affected

openwsman on openSUSE 10.3, openSUSE 11.0

References

http://www.novell.com/linux/security/advisories/2008_41_openwsman.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2006-7232, CVE-2007-6389, CVE-2008-1447, CVE-2008-1801, CVE-2008-1802, CVE-2008-1803, CVE-2008-2079, CVE-2008-2233, CVE-2008-2234, CVE-2008-3337
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

SLES10: Security update for GhostScript
SLES10: Security update for libvorbis
SLES10: Security update for libxml2
SLES10: Security update for Cups
SLES10: Security update for ipsec-tools

SuSE Update for openwsman SUSE-SA:2008:041

Take action and discover your vulnerabilities