Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2012-0435 at MITRE


SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984.
CVSS v2 Scores
  National Vulnerability Database
Base Score 5.76
Vector AV:N/AC:M/Au:N/C:P/I:P/A:N
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact None

SUSE information

SUSE Bugzilla entry: 792712 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Studio Standard Edition 1.2
  • webyast-base-ui >= 0.2.63-0.6.1
SAT Patch Nr: 7236
WebYaST 1.2
  • webyast-base-ui >= 0.2.63-0.6.1
  • webyast-base-ui-branding-default >= 0.2.63-0.6.1
  • webyast-base-ui-testsuite >= 0.2.63-0.6.1
SAT Patch Nr: 7236