CVE-2006-0803
First published: Thu Feb 23 2006(Updated: )
The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SUSE Linux | =9.3 | |
| SUSE Linux | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2006-0803?
CVE-2006-0803 is considered a medium severity vulnerability due to its impact on signature verification in the YaST Online Update.
How do I fix CVE-2006-0803?
To fix CVE-2006-0803, update YaST Online Update to a version that does not rely on the flawed gpg feature for signature verification.
Which software versions are affected by CVE-2006-0803?
CVE-2006-0803 affects SUSE Linux versions 9.3 and 10.0.
What is the impact of CVE-2006-0803?
The impact of CVE-2006-0803 is that malicious scripts may not be detected during installation due to compromised signature verification.
Is there a workaround for CVE-2006-0803?
A temporary workaround for CVE-2006-0803 includes performing manual verification of scripts before running updates.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/suse
- canonical/suse linux
- version/suse linux/9.3
- vendor/novell
- version/suse linux/10.0