---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: SUSE update for openwsman SECUNIA ADVISORY ID: SA31429 VERIFY ADVISORY: http://secunia.com/advisories/31429/ CRITICAL: Moderately critical IMPACT: Hijacking, DoS, System access WHERE: >From local network OPERATING SYSTEM: openSUSE 10.3 http://secunia.com/product/16124/ openSUSE 11.0 http://secunia.com/product/19180/ DESCRIPTION: SUSE has issued an update for openwsman. This fixes some vulnerabilities, which can be exploited by malicious people to conduct replay attacks, cause a DoS (Denial of Service), or potentially compromise a vulnerable system. 1) A boundary error can be exploited to cause a DoS or potentially to compromise a vulnerable system. For more information: SA31410 2) An unspecified error can be exploited to hijack a session via a replay attack. SOLUTION: Apply updated packages. -- x86 Platform -- openSUSE 11.0: http://download.opensuse.org/pub/opensuse/debug/update/11.0/rpm/i586/openwsman-debuginfo-2.0.0-3.3.i586.rpm http://download.opensuse.org/pub/opensuse/debug/update/11.0/rpm/i586/openwsman-debugsource-2.0.0-3.3.i586.rpm http://download.opensuse.org/pub/opensuse/update/11.0/rpm/i586/libwsman-devel-2.0.0-3.3.i586.rpm http://download.opensuse.org/pub/opensuse/update/11.0/rpm/i586/libwsman1-2.0.0-3.3.i586.rpm http://download.opensuse.org/pub/opensuse/update/11.0/rpm/i586/openwsman-client-2.0.0-3.3.i586.rpm http://download.opensuse.org/pub/opensuse/update/11.0/rpm/i586/openwsman-python-2.0.0-3.3.i586.rpm http://download.opensuse.org/pub/opensuse/update/11.0/rpm/i586/openwsman-ruby-2.0.0-3.3.i586.rpm http://download.opensuse.org/pub/opensuse/update/11.0/rpm/i586/openwsman-server-2.0.0-3.3.i586.rpm openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/openwsman-1.2.0-14.4.i586.rpm http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/openwsman-client-1.2.0-14.4.i586.rpm http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/openwsman-devel-1.2.0-14.4.i586.rpm http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/openwsman-server-1.2.0-14.4.i586.rpm -- Sources -- openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/openwsman-1.2.0-14.4.src.rpm ORIGINAL ADVISORY: http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00003.html OTHER REFERENCES: SA31410: http://secunia.com/advisories/31410/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------