cvelistv5 - cve-2008-3249

CVE-2008-3249 (GCVE-0-2008-3249)

Vulnerability from cvelistv5 – Published: 2008-07-21 17:00 – Updated: 2024-08-07 09:28

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/30379	third-party-advisoryx_refsource_SECUNIA
	http://www.security-objectives.com/advisories/SEC…	x_refsource_MISC
	http://www.securityfocus.com/bid/29366	vdb-entryx_refsource_BID
	http://www.securityfocus.com/archive/1/492579	mailing-listx_refsource_BUGTRAQ
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://securitytracker.com/id?1020112	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:28:42.034Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "30379",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30379"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.security-objectives.com/advisories/SECOBJADV-2008-01.txt"
          },
          {
            "name": "29366",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29366"
          },
          {
            "name": "20080525 SECOBJADV-2008-01: Lenovo SystemUpdate SSL Certificate Issuer Spoofing Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/492579"
          },
          {
            "name": "ibm-thinkvantage-ssl-spoofing(42638)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42638"
          },
          {
            "name": "1020112",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1020112"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-05-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "30379",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30379"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.security-objectives.com/advisories/SECOBJADV-2008-01.txt"
        },
        {
          "name": "29366",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29366"
        },
        {
          "name": "20080525 SECOBJADV-2008-01: Lenovo SystemUpdate SSL Certificate Issuer Spoofing Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/492579"
        },
        {
          "name": "ibm-thinkvantage-ssl-spoofing(42638)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42638"
        },
        {
          "name": "1020112",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1020112"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3249",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "30379",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30379"
            },
            {
              "name": "http://www.security-objectives.com/advisories/SECOBJADV-2008-01.txt",
              "refsource": "MISC",
              "url": "http://www.security-objectives.com/advisories/SECOBJADV-2008-01.txt"
            },
            {
              "name": "29366",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29366"
            },
            {
              "name": "20080525 SECOBJADV-2008-01: Lenovo SystemUpdate SSL Certificate Issuer Spoofing Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/492579"
            },
            {
              "name": "ibm-thinkvantage-ssl-spoofing(42638)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42638"
            },
            {
              "name": "1020112",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1020112"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3249",
    "datePublished": "2008-07-21T17:00:00",
    "dateReserved": "2008-07-21T00:00:00",
    "dateUpdated": "2024-08-07T09:28:42.034Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lenovo:thinkvantage_system_update:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.13.0005\", \"matchCriteriaId\": \"310DD62B-8E91-410B-8C43-A831A6F75B99\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lenovo:thinkvantage_system_update:3.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3804A80E-EDC6-48A9-A7D6-CA04708729DE\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM.\"}, {\"lang\": \"es\", \"value\": \"Cliente de actualizaciones del sistema de Lenovo anerior a la v 3.14, no valida adecuadamente los certificados cuando establece una conexi\\u00f3n SSL, lo que permite a atacantes remotos instalar paquetes de su elecci\\u00f3n a trav\\u00e9s de un certificado SSL cuya cabecera X.509 coincide con un certificado p\\u00fablico usado por IBM.\"}]",
      "id": "CVE-2008-3249",
      "lastModified": "2024-11-21T00:48:48.303",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:P/I:P/A:P\", \"baseScore\": 5.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 4.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2008-07-21T17:41:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/30379\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1020112\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.security-objectives.com/advisories/SECOBJADV-2008-01.txt\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/492579\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/29366\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/42638\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/30379\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1020112\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.security-objectives.com/advisories/SECOBJADV-2008-01.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/492579\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/29366\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/42638\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-255\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-3249\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-07-21T17:41:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM.\"},{\"lang\":\"es\",\"value\":\"Cliente de actualizaciones del sistema de Lenovo anerior a la v 3.14, no valida adecuadamente los certificados cuando establece una conexi\u00f3n SSL, lo que permite a atacantes remotos instalar paquetes de su elecci\u00f3n a trav\u00e9s de un certificado SSL cuya cabecera X.509 coincide con un certificado p\u00fablico usado por IBM.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:P/A:P\",\"baseScore\":5.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-255\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lenovo:thinkvantage_system_update:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.13.0005\",\"matchCriteriaId\":\"310DD62B-8E91-410B-8C43-A831A6F75B99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lenovo:thinkvantage_system_update:3.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3804A80E-EDC6-48A9-A7D6-CA04708729DE\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/30379\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1020112\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.security-objectives.com/advisories/SECOBJADV-2008-01.txt\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/492579\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/29366\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42638\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/30379\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1020112\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.security-objectives.com/advisories/SECOBJADV-2008-01.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/492579\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/29366\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42638\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2008-3249

Vulnerability from fkie_nvd - Published: 2008-07-21 17:41 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/30379	Patch, Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1020112
cve@mitre.org	http://www.security-objectives.com/advisories/SECOBJADV-2008-01.txt
cve@mitre.org	http://www.securityfocus.com/archive/1/492579
cve@mitre.org	http://www.securityfocus.com/bid/29366
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/42638
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30379	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1020112
af854a3a-2127-422b-91ae-364da2661108	http://www.security-objectives.com/advisories/SECOBJADV-2008-01.txt
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/492579
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/29366
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/42638

Impacted products

	Vendor	Product	Version
	lenovo	thinkvantage_system_update	*
	lenovo	thinkvantage_system_update	3.13

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:lenovo:thinkvantage_system_update:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "310DD62B-8E91-410B-8C43-A831A6F75B99",
              "versionEndIncluding": "3.13.0005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lenovo:thinkvantage_system_update:3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "3804A80E-EDC6-48A9-A7D6-CA04708729DE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM."
    },
    {
      "lang": "es",
      "value": "Cliente de actualizaciones del sistema de Lenovo anerior a la v 3.14, no valida adecuadamente los certificados cuando establece una conexi\u00f3n SSL, lo que permite a atacantes remotos instalar paquetes de su elecci\u00f3n a trav\u00e9s de un certificado SSL cuya cabecera X.509 coincide con un certificado p\u00fablico usado por IBM."
    }
  ],
  "id": "CVE-2008-3249",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-07-21T17:41:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30379"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1020112"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.security-objectives.com/advisories/SECOBJADV-2008-01.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/492579"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/29366"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42638"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30379"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1020112"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.security-objectives.com/advisories/SECOBJADV-2008-01.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/492579"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/29366"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42638"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-200807-0235

Vulnerability from variot - Updated: 2023-12-18 13:40

The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM. Lenovo System Update is prone to a security-bypass vulnerability because the application fails to properly check SSL certificates. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted servers, which can lead to the installation of arbitrary software on an affected computer. This may result in a complete compromise of the computer. This issue affects Lenovo System Update 3 (Version 3.13.0005, Build date 2008-1-3); other versions may also be vulnerable. Lenovo System Update is a set of system automatic update tools from Lenovo in China, which includes device driver updates, Windows system patch updates, etc. Lenovo's System Update service allows downloading and installing arbitrary update executables from fake servers. After the SSL negotiation is successful, the client will continue to download the XML file, which contains the path name, size and related SHA-1 hash to the EXE file. If the software version displayed in the XML file is higher than the version of the installed software, the EXE file will be downloaded, the SHA-1 hash will be calculated and compared with the hash defined in the XML file, and if it matches, it will be administrator Permission to execute executable programs. To exploit this vulnerability, the attacker must create a self-signed SSL certificate that contains the X.509 header values (issuer, common name, organization, etc.) of the public SSL certificate used by the SystemUpdate server (download.boulder.ibm.com) , the attacker would also modify the XML configuration file of the targeted software package so that the version number, file size, and SHA-1 hash match the malicious EXE file. When SystemUpdate tries to connect to the server, the attacker can accept the connection through techniques such as DNS spoofing and ARP redirection. Wireless networks are especially at risk because impersonation of access points can simplify attacks. Once SystemUpdate connects to TCP port 443, the fake server negotiates an SSL session with an attacker-created SSL certificate, then sends malicious XML and EXE files when SystemUpdate requests the targeted software package. ----------------------------------------------------------------------

Secunia Network Software Inspector 2.0 (NSI) - Public Beta

The Public Beta has ended. Thanks to all that participated.

Learn more: http://secunia.com/network_software_inspector_2/

TITLE: ThinkVantage System Update Missing SSL Certificate Chain Verification

SECUNIA ADVISORY ID: SA30379

VERIFY ADVISORY: http://secunia.com/advisories/30379/

CRITICAL: Less critical

IMPACT: Spoofing

WHERE:

From remote

SOFTWARE: ThinkVantage System Update 3.x http://secunia.com/product/15450/

DESCRIPTION: Derek Callaway has reported a security issue in ThinkVantage System Update, which can be exploited by malicious people to conduct spoofing attacks.

Successful exploitation allows e.g. downloading and executing malicious programs, but requires that the application connects to a malicious update server providing a specially crafted X.509 certificate (e.g. via DNS poisoning). Other versions may also be affected. http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-66956

PROVIDED AND/OR DISCOVERED BY: Derek Callaway, Security Objectives

ORIGINAL ADVISORY: SECOBJADV-2008-01: http://www.security-objectives.com/advisories/SECOBJADV-2008-01.txt

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200807-0235",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "thinkvantage system update",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "lenovo",
        "version": "3.13"
      },
      {
        "model": "thinkvantage system update",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "3.13.0005"
      },
      {
        "model": "thinkvantage system update",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "lenovo",
        "version": "3.14"
      },
      {
        "model": "thinkvantage system update",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "3.13.0005"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "3"
      },
      {
        "model": "system update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "3.14"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "29366"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004654"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3249"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-352"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:thinkvantage_system_update:3.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:thinkvantage_system_update:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.13.0005",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-3249"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Derek Callaway",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-352"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2008-3249",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.1,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2008-3249",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "id": "VHN-33374",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2008-3249",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200807-352",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-33374",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33374"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004654"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3249"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-352"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM. Lenovo System Update is prone to a security-bypass vulnerability because the application fails to properly check SSL certificates. \nSuccessfully exploiting this issue allows attackers to perform  man-in-the-middle attacks by impersonating trusted servers, which can lead  to the installation of arbitrary software on an affected computer. This may  result in a complete compromise of the computer. \nThis issue affects Lenovo System Update 3 (Version 3.13.0005, Build date 2008-1-3); other versions may also be vulnerable. Lenovo System Update is a set of system automatic update tools from Lenovo in China, which includes device driver updates, Windows system patch updates, etc. Lenovo\u0027s System Update service allows downloading and installing arbitrary update executables from fake servers. After the SSL negotiation is successful, the client will continue to download the XML file, which contains the path name, size and related SHA-1 hash to the EXE file. If the software version displayed in the XML file is higher than the version of the installed software, the EXE file will be downloaded, the SHA-1 hash will be calculated and compared with the hash defined in the XML file, and if it matches, it will be administrator Permission to execute executable programs. To exploit this vulnerability, the attacker must create a self-signed SSL certificate that contains the X.509 header values \u200b\u200b(issuer, common name, organization, etc.) of the public SSL certificate used by the SystemUpdate server (download.boulder.ibm.com) , the attacker would also modify the XML configuration file of the targeted software package so that the version number, file size, and SHA-1 hash match the malicious EXE file. When SystemUpdate tries to connect to the server, the attacker can accept the connection through techniques such as DNS spoofing and ARP redirection. Wireless networks are especially at risk because impersonation of access points can simplify attacks. Once SystemUpdate connects to TCP port 443, the fake server negotiates an SSL session with an attacker-created SSL certificate, then sends malicious XML and EXE files when SystemUpdate requests the targeted software package. ----------------------------------------------------------------------\n\nSecunia Network Software Inspector 2.0 (NSI) - Public Beta\n\nThe Public Beta has ended. Thanks to all that participated. \n\nLearn more:\nhttp://secunia.com/network_software_inspector_2/\n\n----------------------------------------------------------------------\n\nTITLE:\nThinkVantage System Update Missing SSL Certificate Chain Verification\n\nSECUNIA ADVISORY ID:\nSA30379\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/30379/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSpoofing\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nThinkVantage System Update 3.x\nhttp://secunia.com/product/15450/\n\nDESCRIPTION:\nDerek Callaway has reported a security issue in ThinkVantage System\nUpdate, which can be exploited by malicious people to conduct\nspoofing attacks. \n\nSuccessful exploitation allows e.g. downloading and executing\nmalicious programs, but requires that the application connects to a\nmalicious update server providing a specially crafted X.509\ncertificate (e.g. via DNS poisoning). Other versions\nmay also be affected. \nhttp://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo\u0026lndocid=MIGR-66956\n\nPROVIDED AND/OR DISCOVERED BY:\nDerek Callaway, Security Objectives\n\nORIGINAL ADVISORY:\nSECOBJADV-2008-01:\nhttp://www.security-objectives.com/advisories/SECOBJADV-2008-01.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-3249"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004654"
      },
      {
        "db": "BID",
        "id": "29366"
      },
      {
        "db": "VULHUB",
        "id": "VHN-33374"
      },
      {
        "db": "PACKETSTORM",
        "id": "66635"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-3249",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "29366",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "30379",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1020112",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004654",
        "trust": 0.8
      },
      {
        "db": "BUGTRAQ",
        "id": "20080525 SECOBJADV-2008-01: LENOVO SYSTEMUPDATE SSL CERTIFICATE ISSUER SPOOFING VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "42638",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-352",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-33374",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "66635",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33374"
      },
      {
        "db": "BID",
        "id": "29366"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004654"
      },
      {
        "db": "PACKETSTORM",
        "id": "66635"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3249"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-352"
      }
    ]
  },
  "id": "VAR-200807-0235",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33374"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:40:28.270000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Lenovo System Update",
        "trust": 0.8,
        "url": "http://support.lenovo.com/en_us/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004654"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-255",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33374"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004654"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3249"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://www.security-objectives.com/advisories/secobjadv-2008-01.txt"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/29366"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/492579"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1020112"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/30379"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42638"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3249"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3249"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/42638"
      },
      {
        "trust": 0.4,
        "url": "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo\u0026lndocid=migr-66956"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/492579"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15450/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/network_software_inspector_2/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/30379/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33374"
      },
      {
        "db": "BID",
        "id": "29366"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004654"
      },
      {
        "db": "PACKETSTORM",
        "id": "66635"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3249"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-352"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-33374"
      },
      {
        "db": "BID",
        "id": "29366"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004654"
      },
      {
        "db": "PACKETSTORM",
        "id": "66635"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3249"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-352"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-07-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-33374"
      },
      {
        "date": "2008-05-25T00:00:00",
        "db": "BID",
        "id": "29366"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-004654"
      },
      {
        "date": "2008-05-27T20:29:09",
        "db": "PACKETSTORM",
        "id": "66635"
      },
      {
        "date": "2008-07-21T17:41:00",
        "db": "NVD",
        "id": "CVE-2008-3249"
      },
      {
        "date": "2008-05-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200807-352"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-33374"
      },
      {
        "date": "2015-05-07T17:28:00",
        "db": "BID",
        "id": "29366"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-004654"
      },
      {
        "date": "2017-08-08T01:31:42.747000",
        "db": "NVD",
        "id": "CVE-2008-3249"
      },
      {
        "date": "2009-04-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200807-352"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-352"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lenovo System Update Vulnerability to install arbitrary packages on the client",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004654"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-352"
      }
    ],
    "trust": 0.6
  }
}

GHSA-M2PG-H6P9-9J46

Vulnerability from github – Published: 2022-05-01 23:58 – Updated: 2022-05-01 23:58

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-3249"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-07-21T17:41:00Z",
    "severity": "MODERATE"
  },
  "details": "The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM.",
  "id": "GHSA-m2pg-h6p9-9j46",
  "modified": "2022-05-01T23:58:07Z",
  "published": "2022-05-01T23:58:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3249"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42638"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30379"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1020112"
    },
    {
      "type": "WEB",
      "url": "http://www.security-objectives.com/advisories/SECOBJADV-2008-01.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/492579"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/29366"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2008-3249

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-3249

Aliases

CVE-2008-3249

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-3249",
    "description": "The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM.",
    "id": "GSD-2008-3249"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-3249"
      ],
      "details": "The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM.",
      "id": "GSD-2008-3249",
      "modified": "2023-12-13T01:23:05.890193Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-3249",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "30379",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30379"
          },
          {
            "name": "http://www.security-objectives.com/advisories/SECOBJADV-2008-01.txt",
            "refsource": "MISC",
            "url": "http://www.security-objectives.com/advisories/SECOBJADV-2008-01.txt"
          },
          {
            "name": "29366",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/29366"
          },
          {
            "name": "20080525 SECOBJADV-2008-01: Lenovo SystemUpdate SSL Certificate Issuer Spoofing Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/492579"
          },
          {
            "name": "ibm-thinkvantage-ssl-spoofing(42638)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42638"
          },
          {
            "name": "1020112",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1020112"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:thinkvantage_system_update:3.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:thinkvantage_system_update:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.13.0005",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3249"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-255"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.security-objectives.com/advisories/SECOBJADV-2008-01.txt",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.security-objectives.com/advisories/SECOBJADV-2008-01.txt"
            },
            {
              "name": "30379",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/30379"
            },
            {
              "name": "1020112",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1020112"
            },
            {
              "name": "20080525 SECOBJADV-2008-01: Lenovo SystemUpdate SSL Certificate Issuer Spoofing Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/492579"
            },
            {
              "name": "29366",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/29366"
            },
            {
              "name": "ibm-thinkvantage-ssl-spoofing(42638)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42638"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-08T01:31Z",
      "publishedDate": "2008-07-21T17:41Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-3249 (GCVE-0-2008-3249)

FKIE_CVE-2008-3249

VAR-200807-0235

GHSA-M2PG-H6P9-9J46

GSD-2008-3249

Tags

Sightings

Nomenclature