Veracode Vulnerability Database, VERACODE:11172
Jan 15, 2019 - 8:57 a.m.

Authorization Bypass

sca.analysiscenter.veracode.com

EPSS: 0.006 (percentile: 78.5%)

yum-updatesd is vulnerable to authorization bypass attacks. The vulnerability exists because the installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RPM package signing restriction via an unsigned package.
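The bug class described above, as an added sketch that is not yum's code: a verifier that reports failure through its return value, called once with the result discarded and once with the result enforced. Only the names installUpdates and sigCheckPkg come from the advisory; the `(code, message)` return shape, the result codes, the package dictionaries and the key names are assumptions constructed for this example.

```python
# Constructed model of an unchecked verifier result; not taken from yum.
SIG_OK, SIG_NEED_KEY, SIG_FATAL = 0, 1, 2  # assumed result codes


class SignatureError(Exception):
    """Raised when a package in the batch fails signature policy."""


def sigCheckPkg(pkg, trusted_keys):
    """Stand-in verifier: returns (code, message) and never raises."""
    key = pkg.get("signed_by")
    if key is None:
        return SIG_FATAL, "%s is not signed" % pkg["name"]
    if key not in trusted_keys:
        return SIG_NEED_KEY, "%s signed by unknown key %s" % (pkg["name"], key)
    return SIG_OK, ""


def installUpdates_unchecked(pkgs, trusted_keys):
    """Flawed pattern: the verifier runs, but its result is discarded."""
    installed = []
    for pkg in pkgs:
        sigCheckPkg(pkg, trusted_keys)  # return value ignored
        installed.append(pkg["name"])
    return installed


def installUpdates_checked(pkgs, trusted_keys):
    """Fail closed: verify the whole batch before installing anything."""
    for pkg in pkgs:
        code, msg = sigCheckPkg(pkg, trusted_keys)
        if code != SIG_OK:
            raise SignatureError(msg)
    return [pkg["name"] for pkg in pkgs]


# Constructed sample batch: one package signed by a trusted key, one unsigned.
TRUSTED = {"KEY-A"}
BATCH = [
    {"name": "signed-pkg", "signed_by": "KEY-A"},
    {"name": "unsigned-pkg", "signed_by": None},
]

if __name__ == "__main__":
    print("unchecked installs:", installUpdates_unchecked(BATCH, TRUSTED))
    try:
        installUpdates_checked(BATCH, TRUSTED)
    except SignatureError as exc:
        print("checked rejects batch:", exc)
```

Because the verifier signals failure by return code rather than by exception, a caller that drops the result behaves exactly as if signature checking were disabled, and no error is logged.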