SUSE-SA:2006:029
May 31, 2006 - 6:59 p.m.

remote command execution in rug

2006-05-31 18:59:25
lists.opensuse.org

EPSS: 0.01 (Low), Percentile: 82.1%

RedCarpet allows remote administration of systems: the rc daemon (rcd) runs on the server side and accepts SSL-encrypted commands from a client. The rug tool is one such client, run from the command line. The client does not verify the SSL certificates it receives from the server and is therefore vulnerable to a man-in-the-middle attack, which allows an attacker to read traffic and insert commands.

Solution

No work-around is known for the man-in-the-middle attack. The permissions of the configuration file can be changed using the chmod(1) command as root.
