Lucene search
HistoryFeb 23, 2006 - 8:02 p.m.
CVE-2006-0803
signature verification
yast online update
gpg 1.4.x
nvd
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
6.5 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
59.9%
The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used.
Affected configurations
Node
novellsuse_linuxMatch10.0
ORsusesuse_linuxMatch9.3
| CPE | Name | Operator | Version |
|---|---|---|---|
| novell:suse_linux | novell suse linux | eq | 10.0 |
| suse:suse_linux | suse suse linux | eq | 9.3 |
References
Social References
More
Related
cvelist
cvelist
CVE-2006-0803
2006-02-23 20:00:00
nessus
nessus
SuSE9 Security Update : liby2util (YOU Patch Number 10892)
2009-09-24 00:00:00
openvas
openvas
SLES9: Security update for liby2util
2009-10-10 00:00:00
SLES9: Security update for liby2util
2009-10-10 00:00:00
nvd
nvd
CVE-2006-0803
2006-02-23 20:02:00
prion
prion
Code injection
2006-02-23 20:02:00
suse
suse
remote code execution in gpg,liby2util
2006-02-20 16:55:38
remote code execution in gpg,liby2util
2006-03-01 09:23:07
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
6.5 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
59.9%
Related for CVE-2006-0803