CVE-2008-3249

Currently unrated

Key Information:

Vendor: Lenovo
Status: Thinkvantage System Update
Vendor: CVE Published:; 21 July 2008

Summary

The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM.

References

http://secunia.com/advisories/30379

third-party-advisoryx_refsource_SECUNIA

http://www.security-objectives.com/advisories/SECOBJADV-2...

x_refsource_MISC

http://www.securityfocus.com/bid/29366

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jul 21, 2008
Vulnerability Reserved
Jul 21, 2008