Remote Repository Key Acceptance Flaw in SUSE openSUSE
CVE-2008-3187

Currently unrated

Key Information:

Vendor

Opensuse
Status
Zypper
Vendor
CVE Published:
21 July 2008

What is CVE-2008-3187?

In SUSE openSUSE versions 10.2, 10.3, and 11.0, the zypper tool's zypp-refresh-patches function fails to prompt users before accepting repository keys. This oversight allows attackers to exploit spoofed keys from remote repositories, potentially leading to denial of service by corrupting package data. Users may unknowingly accept malicious keys, risking system integrity and stability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://lists.opensuse.org/opensuse-security-announce/2008...
vendor-advisoryx_refsource_SUSE
https://exchange.xforce.ibmcloud.com/vulnerabilities/43922
vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/30293
vdb-entryx_refsource_BID

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.