PT-2008-1084 · Red Hat · Yum-Rhn-Plugin+1

Published 2008-08-14 · Updated 2017-09-29 · CVE-2008-3270

CVSS v2.0: 2.6 (Low)

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Red Hat Enterprise Linux (RHEL) 5

Description

The yum-rhn-plugin does not verify the SSL certificate for file downloads from a Red Hat Network (RHN) server, making it easier for remote attackers to cause a denial of service or force the download and installation of official Red Hat packages that were not requested. This could compromise the integrity of protected information. The issue can be exploited remotely.

Recommendations

For Red Hat Enterprise Linux (RHEL) 5, update the yum-rhn-plugin to a version that verifies SSL certificates for downloads from RHN servers. As a temporary workaround, consider restricting access to RHN servers to minimize the risk of exploitation.

Fix

DoS


Weakness Enumeration

Related Identifiers

BDU:2015-07746
CVE-2008-3270
RHSA-2008:0815
RHSA-2008_0815

Affected Products

Red Hat
Yum-Rhn-Plugin