The openwsman project provides an implementation of the Web Service Management specification. The SuSE Security-Team has found two critical issues in the code: - two remote buffer overflows while decoding the HTTP basic authentication header (CVE-2008-2234) - a possible SSL session replay attack affecting the client (depending on the configuration) (CVE-2008-2233) Both issues were fixed.

Solution

Please install the fixed package.

OSVersionArchitecturePackageVersionFilename
openSUSE11.0i586openwsman-debugsource< 2.0.0-3.3openwsman-debugsource-2.0.0-3.3.i586.rpm
openSUSE11.0i586openwsman-debuginfo< 2.0.0-3.3openwsman-debuginfo-2.0.0-3.3.i586.rpm
openSUSE11.0i586openwsman-server< 2.0.0-3.3openwsman-server-2.0.0-3.3.i586.rpm
openSUSE10.3i586openwsman< 1.2.0-14.4openwsman-1.2.0-14.4.i586.rpm
openSUSE11.0i586openwsman-python< 2.0.0-3.3openwsman-python-2.0.0-3.3.i586.rpm
openSUSE11.0i586libwsman-devel< 2.0.0-3.3libwsman-devel-2.0.0-3.3.i586.rpm
openSUSE11.0i586openwsman-client< 2.0.0-3.3openwsman-client-2.0.0-3.3.i586.rpm
openSUSE10.3i586openwsman-server< 1.2.0-14.4openwsman-server-1.2.0-14.4.i586.rpm
openSUSE11.0i586openwsman-ruby< 2.0.0-3.3openwsman-ruby-2.0.0-3.3.i586.rpm
openSUSE10.3i586openwsman-devel< 1.2.0-14.4openwsman-devel-1.2.0-14.4.i586.rpm

OS	Version	Architecture	Package	Version	Filename
openSUSE	11.0	i586	openwsman-debugsource	< 2.0.0-3.3	openwsman-debugsource-2.0.0-3.3.i586.rpm
openSUSE	11.0	i586	openwsman-debuginfo	< 2.0.0-3.3	openwsman-debuginfo-2.0.0-3.3.i586.rpm
openSUSE	11.0	i586	openwsman-server	< 2.0.0-3.3	openwsman-server-2.0.0-3.3.i586.rpm
openSUSE	10.3	i586	openwsman	< 1.2.0-14.4	openwsman-1.2.0-14.4.i586.rpm
openSUSE	11.0	i586	openwsman-python	< 2.0.0-3.3	openwsman-python-2.0.0-3.3.i586.rpm
openSUSE	11.0	i586	libwsman-devel	< 2.0.0-3.3	libwsman-devel-2.0.0-3.3.i586.rpm
openSUSE	11.0	i586	openwsman-client	< 2.0.0-3.3	openwsman-client-2.0.0-3.3.i586.rpm
openSUSE	10.3	i586	openwsman-server	< 1.2.0-14.4	openwsman-server-1.2.0-14.4.i586.rpm
openSUSE	11.0	i586	openwsman-ruby	< 2.0.0-3.3	openwsman-ruby-2.0.0-3.3.i586.rpm
openSUSE	10.3	i586	openwsman-devel	< 1.2.0-14.4	openwsman-devel-1.2.0-14.4.i586.rpm

Rows per page:

1-10 of 121

openvas 50

nessus 53

osv 3

ubuntu 2

gentoo 2

securityvulns 7

fedora 7

debian 6

seebug 6

oraclelinux 2

vmware 2

redhat 5

centos 2

redhatcve 1

cve 9

ubuntucve 7

prion 8

debiancve 5

veracode 2

freebsd 1

saint 4

slackware 4

packetstorm 3

checkpoint_advisories 5

altlinux 2

freebsd_advisory 1

openvas

SuSE Update for openwsman SUSE-SA:2008:041

2009-01-23 00:00:00

Gentoo Security Advisory GLSA 200806-04 (rdesktop)

2008-09-24 00:00:00

Ubuntu Update for rdesktop vulnerabilities USN-646-1

2009-03-23 00:00:00

nessus

openSUSE 10 Security Update : rdesktop (rdesktop-5271)

2008-08-15 00:00:00

GLSA-200806-04 : rdesktop: Multiple vulnerabilities

2008-06-16 00:00:00

Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : rdesktop vulnerabilities (USN-646-1)

2009-04-23 00:00:00

osv

rdesktop - several vulnerabilities

2008-05-11 00:00:00

pdns - DNS spoofing

2008-08-10 00:00:00

refpolicy - incompatible policy

2008-07-25 00:00:00

ubuntu

rdesktop vulnerabilities

2008-09-18 00:00:00

Bind vulnerability

2008-07-08 00:00:00

gentoo

rdesktop: Multiple vulnerabilities

2008-06-14 00:00:00

MySQL: Privilege bypass

2008-09-04 00:00:00

securityvulns

rdesktop multiple security vulnerabilities

2008-05-08 00:00:00

VMSA-2008-0015 Updated ESXi and ESX 3.5 packages address critical security issue in openwsman

2008-09-20 00:00:00

iDefense Security Advisory 05.07.08: Multiple Vendor rdesktop iso_recv_msg() Integer Underflow Vulnerability

2008-05-08 00:00:00

fedora

[SECURITY] Fedora 8 Update: rdesktop-1.6.0-1.fc8

2008-05-14 22:12:39

[SECURITY] Fedora 9 Update: rdesktop-1.6.0-1.fc9

2008-05-14 22:08:33

[SECURITY] Fedora 7 Update: rdesktop-1.6.0-1.fc7

2008-05-14 22:15:23

debian

[SECURITY] [DSA 1573-1] New rdesktop packages fix several vulnerabilities

2008-05-12 08:54:07

[SECURITY] [DSA 1573-1] New php5 packages fix several vulnerabilities

2008-05-11 15:16:04

[SECURITY] [DSA 1627-1] New PowerDNS packages reduce DNS spoofing risk

2008-08-10 20:34:06

seebug

rdesktop多个缓冲区溢出漏洞

2008-05-10 00:00:00

Openwsman多个远程安全漏洞

2008-08-20 00:00:00

Gnome屏保程序本地信息泄露漏洞

2008-07-09 00:00:00

oraclelinux

rdesktop security update

2008-07-24 00:00:00

rdesktop security and bug fix update

2008-08-01 00:00:00

vmware

Updated ESXi and ESX 3.5 packages address critical security issue in openwsman

2008-09-18 00:00:00

Updated ESXi and ESX 3.5 packages address critical security issue in openwsman

2008-09-18 00:00:00

redhat

(RHSA-2008:0575) Moderate: rdesktop security update

2008-07-24 00:00:00

(RHSA-2008:0510) Moderate: Red Hat Application Stack v1.3 security and enhancement update

2008-07-02 00:00:00

(RHSA-2008:0576) Moderate: rdesktop security update

2008-07-24 00:00:00

centos

rdesktop security update

2008-07-24 19:41:48

rdesktop security update

2008-07-24 22:16:13

redhatcve

CVE-2008-3337

2019-10-04 20:21:18

cve

CVE-2008-3337

2008-08-08 19:41:00

CVE-2006-7232

2006-12-31 05:00:00

CVE-2008-2233

2008-08-18 17:41:00

ubuntucve

CVE-2008-3337

2008-08-08 00:00:00

CVE-2006-7232

2006-12-31 00:00:00

CVE-2007-6389

2007-12-17 00:00:00

prion

Code injection

2008-08-08 19:41:00

Design/Logic Flaw

2007-12-17 18:46:00

Code injection

2008-08-18 17:41:00

debiancve

CVE-2008-3337

2008-08-08 19:41:00

CVE-2007-6389

2007-12-17 18:46:00

CVE-2008-1803

2008-05-12 22:20:00

veracode

Denial Of Service (DoS)

2020-04-10 00:28:42

Privilege Escalation

2020-04-10 00:22:36

freebsd

mysql -- MyISAM table privileges security bypass vulnerability

2008-05-05 00:00:00

saint

Openwsman HTTP Basic Authentication buffer overflow

2008-10-17 00:00:00

Openwsman HTTP Basic Authentication buffer overflow

2008-10-17 00:00:00

Openwsman HTTP Basic Authentication buffer overflow

2008-10-17 00:00:00

slackware

[slackware-security] rdesktop

2008-05-28 03:54:58

[slackware-security] ruby

2008-11-29 21:37:03

[slackware-security] dnsmasq

2008-07-24 00:02:47

packetstorm

rdesktop-underflow.txt

2008-05-09 00:00:00

rdesktoppdu-overflow.txt

2008-05-12 00:00:00

bailiwicked_domain.rb.txt

2008-07-24 00:00:00

checkpoint_advisories

Openwsman HTTP Basic Authentication Buffer Overflow (CVE-2008-2234)

2010-06-14 00:00:00

RDesktop process_redirect_pdu BSS Overflow Buffer Overflow - Ver2 (CVE-2008-1802)

2014-12-28 00:00:00

Update Protection against openwsman HTTP Basic Authentication Buffer Overflow

2008-11-14 00:00:00

altlinux

Security fix for the ALT Linux 5 package ruby version 1.8.7-alt6

2008-08-12 00:00:00

Security fix for the ALT Linux 6 package bind version 9.3.5-alt2

2008-06-06 00:00:00

freebsd_advisory

FreeBSD-SA-08:06.bind

2008-07-13 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

0.959 High

EPSS

Percentile

99.3%

JSON

Related for SUSE-SA:2008:041