Vulnerability Description
The default --checksig setting in RPM Package Manager 4.0.4 checks that a package's signature is valid without listing who signed it, which can allow remote attackers to make it appear that a malicious package comes from a trusted source.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Redhat Package Manager | 4.0.2-71 |
References
- http://lists.netsys.com/pipermail/full-disclosure/2002-August/001167.html
- http://www.iss.net/security_center/static/10011.php
- http://www.securityfocus.com/bid/5594Patch
- http://lists.netsys.com/pipermail/full-disclosure/2002-August/001167.html
- http://www.iss.net/security_center/static/10011.php
- http://www.securityfocus.com/bid/5594Patch
FAQ
What is CVE-2002-2204?
CVE-2002-2204 is a vulnerability with a CVSS score of 7.5 (HIGH). The default --checksig setting in RPM Package Manager 4.0.4 checks that a package's signature is valid without listing who signed it, which can allow remote attackers to make it appear that a maliciou...
How severe is CVE-2002-2204?
CVE-2002-2204 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-2204?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Redhat Package Manager.