Lucene search
HistoryFeb 23, 2006 - 8:02 p.m.
CVE-2006-0803
signature verification
yast online update
gpg 1.4.x
nvd
6.8 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
59.2%
The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used.
| CPE | Name | Operator | Version |
|---|---|---|---|
| suse:suse_linux | suse suse linux | eq | 9.3 |
| novell:suse_linux | novell suse linux | eq | 10.0 |
References
Social References
More
Related
prion
prion
Code injection
2006-02-23 20:02:00
openvas
openvas
SLES9: Security update for liby2util
2009-10-10 00:00:00
SLES9: Security update for liby2util
2009-10-10 00:00:00
nessus
nessus
SuSE9 Security Update : liby2util (YOU Patch Number 10892)
2009-09-24 00:00:00
suse
suse
remote code execution in gpg,liby2util
2006-03-01 09:23:07
remote code execution in gpg,liby2util
2006-02-20 16:55:38
6.8 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
59.2%
Related for CVE-2006-0803