Remote Repository Key Acceptance Flaw in SUSE openSUSE
CVE-2008-3187
Currently unrated
What is CVE-2008-3187?
In SUSE openSUSE versions 10.2, 10.3, and 11.0, the zypper tool's zypp-refresh-patches function fails to prompt users before accepting repository keys. This oversight allows attackers to exploit spoofed keys from remote repositories, potentially leading to denial of service by corrupting package data. Users may unknowingly accept malicious keys, risking system integrity and stability.