ID CVE-2006-0803
Summary The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used.
References
Vulnerable Configurations
  • cpe:2.3:o:novell:suse_linux:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:novell:suse_linux:10.0:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.3:*:*:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.3:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
bid 16889
suse
  • SUSE-SA:2006:009
  • SUSE-SA:2006:013
Last major update 30-10-2018 - 16:25
Published 23-02-2006 - 20:02
Last modified 30-10-2018 - 16:25
Back to Top