{"vuid":"VU#806908","idnumber":"806908","name":"SUSE WebYaST remotely accessible hosts list vulnerability","keywords":["suse","novell","webyast","mitm"],"overview":"The WebYaST hosts list is remotely accessible by unauthenticated attackers. An attacker may be able to add a malicious host to the list and perform a man-in-the-middle attack against WebYaST.","clean_desc":"The SUSE security advisory states: The hosts list used by WebYaST for connecting to it's back end part was modifiable allowing to point to a malicious website which then could access all values sent by WebYaST. The /host configuration path was removed to fix this issue. Additional details may be found in advisory SUSE-SU-2013:0053-1.","impact":"A remote unauthenticated attacker may be able to add a malicious server to the WebYaST hosts file and then be able to perform a man-in-the-middle attack against WebYaST.","resolution":"Apply an Update WebYaST patch slewyst12-webyast-base-ui-7236 has been released to address this vulnerability.","workarounds":"Restrict Access Firewall rules to block untrusted networks and hosts from accessing TCP port 4984 should be implemented.","sysaffected":"","thanks":"Thanks to Tenable Network Security for reporting this vulnerability.","author":"This document was written by Jared Allar.","public":["http://support.novell.com/security/cve/CVE-2012-0435.html","http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00008.html"],"cveids":["CVE-2012-0435"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2012-11-20T14:32:51Z","publicdate":"2013-01-23T00:00:00Z","datefirstpublished":"2013-01-25T21:28:31Z","dateupdated":"2013-01-25T21:28:35Z","revision":14,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"tcp","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"P","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"LM","cvss_targetdistribution":"M","cvss_securityrequirementscr":"M","cvss_securityrequirementsir":"M","cvss_securityrequirementsar":"L","cvss_basescore":"6.4","cvss_basevector":"AV:N/AC:L/Au:N/C:P/I:P/A:N","cvss_temporalscore":"5","cvss_environmentalscore":"4.9","cvss_environmentalvector":"CDP:LM/TD:M/CR:M/IR:M/AR:L","metric":0.0,"vulnote":null}