Vulnerability Description
The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Novell | Suse Linux | 10.0 |
| Suse | Suse Linux | 9.3 |
References
- http://www.novell.com/linux/security/advisories/2006_09_gpg.html (Vendor Advisory)
- http://www.novell.com/linux/security/advisories/2006_13_gpg.html
- http://www.securityfocus.com/bid/16889
FAQ
What is CVE-2006-0803?
CVE-2006-0803 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting mali...
How severe is CVE-2006-0803?
CVE-2006-0803 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-0803?
Check the references section above for vendor advisories and patch information. Affected products include: Novell Suse Linux, Suse Suse Linux.