CVE-2008-3270: Red Hat Enterprise Linux vulnerability

CWE-310 | 4 documents | 4 sources
Severity: 2.6 LOW (NVD)
EPSS: 0.3% (top 46.47%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Aug 18
Latest update: May 1

Description

yum-rhn-plugin in Red Hat Enterprise Linux (RHEL) 5 does not verify the SSL certificate for a file download from a Red Hat Network (RHN) server, which makes it easier for remote man-in-the-middle attackers to cause a denial of service (loss of updates) or force the download and installation of official Red Hat packages that were not requested.

CVSS vector

AV:N/AC:H/C:N/I:P/A:N
Exploitability: 4.9 | Impact: 2.9

Affected Packages: 0 packages

Also affects: Enterprise Linux 5.0

🔴 Vulnerability Details (1)

GHSA
GHSA-pvfw-g6m7-hcq2: yum-rhn-plugin in Red Hat Enterprise Linux (RHEL) 5 does not verify the SSL certificate for a file download from a Red Hat Network (RHN) server, which | 2022-05-01

📋 Vendor Advisories (1)

Red Hat
yum-rhn-plugin: does not verify SSL certificate for all communication with RHN server | 2008-08-14

💬 Community (1)

Bugzilla
CVE-2008-3270 yum-rhn-plugin: does not verify SSL certificate for all communication with RHN server | 2008-07-29