Vigil@nce: opensman, multiple vulnerabilities
August 2008 by Vigil@nce
SYNTHESIS
Several vulnerabilities has been discovered in opensman.
Gravity: 2/4
Consequences: denial of service of service
Provenance: LAN
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 18/08/2008
Identifier: VIGILANCE-VUL-8037
IMPACTED PRODUCTS
– OpenSUSE [confidential versions]
DESCRIPTION
An attacker can replay packets during a SSL session, this can
affect the client confidentiality, this is function of system
configurations. [grav:2/4; CVE-2008-2233, SUSE-SA:2008:041]
An attacker can create an malicious authentication HTTP request to
generate a denial of service during decoding. [grav:2/4;
CVE-2008-2234, SUSE-SA:2008:041]
CHARACTERISTICS
Identifiers: BID-30694, CVE-2008-2233, CVE-2008-2234,
SUSE-SA:2008:041, VIGILANCE-VUL-8037