Overview
The WebYaST hosts list is remotely accessible by unauthenticated attackers. An attacker may be able to add a malicious host to the list and perform a man-in-the-middle attack against WebYaST.
Description
The SUSE security advisory states: The hosts list used by WebYaST for connecting to it's back end part was modifiable allowing to point to a malicious website which then could access all values sent by WebYaST. The /host configuration path was removed to fix this issue. |
Impact
A remote unauthenticated attacker may be able to add a malicious server to the WebYaST hosts file and then be able to perform a man-in-the-middle attack against WebYaST. |
Solution
Apply an Update |
Restrict Access |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:N |
| Temporal | 5 | E:POC/RL:OF/RC:C |
| Environmental | 4.9 | CDP:LM/TD:M/CR:M/IR:M/AR:L |
References
Acknowledgements
Thanks to Tenable Network Security for reporting this vulnerability.
This document was written by Jared Allar.
Other Information
| CVE IDs: | CVE-2012-0435 |
| Date Public: | 2013-01-23 |
| Date First Published: | 2013-01-25 |
| Date Last Updated: | 2013-01-25 21:28 UTC |
| Document Revision: | 14 |