The RedCarpet command-line client (rug) does not verify SSL certificates from a server, which allows remote attackers to read network traffic and execute commands via a man-in-the-middle (MITM) attack.
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Enterprise Server 9
The rug utility is prone to a man-in-the-middle vulnerability. This issue likely arises due to a design error.
An attacker may exploit this issue to gain access to sensitive contents of encrypted network traffic between the rug client and a server. Depending on the type of information that is disclosed, this issue may lead to other attacks as well.
Note that attackers may be able to exploit this issue from outside the firewall protecting an affected rug client, but firewall protection may make a successful exploit more difficult.
Currently we are not aware of any exploits for this issue.
SUSE has released an advisory (SUSE-SA:2006:029) including fixes to address this issue. Please see the referenced advisory for more information.