CVE-2006-0803

3 documents3 sources

Severity

5.0MEDIUM

EPSS

0.2%

top 56.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Novell Suse Linux Suse Suse Linux

Timeline

PublishedFeb 23

Latest updateMay 1

Description

The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDsuse/suse_linux9.3

▶NVDnovell/suse_linux10.0

🔴Vulnerability Details

GHSA

GHSA-5fg2-37rc-xj2q: The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature ve↗2022-05-01

▶

CVEList

CVE-2006-0803: The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature ve↗2006-02-23

▶