Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

[R1] WebYaST /host Configuration Path Handling Unauthenticated Host List Manipulation

Medium

Synopsis

WebYaST contains a flaw that is triggered when handling the /host configuration path. The issue is due to the WebYaST interface not requiring authentication for configuring which host(s) it can configure. This may allow a remote attacker to modify the host list used for backend connections. This may ultimately lead to a disclosure of values sent by the program to the attacker, including their operating system credentials.

Solution

The vendor has released a patch to address this vulnerability.

Disclosure Timeline

2012-11-20 - Reported to CERT/CC for coordinated disclosure
2012-11-20 - CERT/CC acknowledges receiving the report, assigns VU#806908
2012-11-29 - Novell emails, assigns SR # 10805168319
2012-12-04 - Novell asks for confirmation on what they believe the vulnerability to be
2012-12-04 - Verified Novell's understanding of the vulnerability was correct
2013-01-23 - Patch made available, SUSE-SU-2013:0053-1 published

All information within TRA advisories is provided “as is”, without warranty of any kind, including the implied warranties of merchantability and fitness for a particular purpose, and with no guarantee of completeness, accuracy, or timeliness. Individuals and organizations are responsible for assessing the impact of any actual or potential security vulnerability.

Tenable takes product security very seriously. If you believe you have found a vulnerability in one of our products, we ask that you please work with us to quickly resolve it in order to protect customers. Tenable believes in responding quickly to such reports, maintaining communication with researchers, and providing a solution in short order.

For more details on submitting vulnerability information, please see our Vulnerability Reporting Guidelines page.

If you have questions or corrections about this advisory, please email [email protected]