CVE-2006-0803
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
23/02/2006
Last modified:
03/04/2025
Description
The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:novell:suse_linux:10.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:suse:suse_linux:9.3:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.novell.com/linux/security/advisories/2006_09_gpg.html
- http://www.novell.com/linux/security/advisories/2006_13_gpg.html
- http://www.securityfocus.com/bid/16889
- http://www.novell.com/linux/security/advisories/2006_09_gpg.html
- http://www.novell.com/linux/security/advisories/2006_13_gpg.html
- http://www.securityfocus.com/bid/16889