CVE-2006-0803

Published: Feb 23, 2006Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used.

Affected (2)

Products: Novell: Suse Linux · Suse: Suse Linux

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Novell Suse Linux	Version 10.0
Suse Suse Linux	Version 9.3

References (6)

http://www.novell.com/linux/security/advisories/2006_09_gpg.html

Source: cve@mitre.org

Vendor Advisory

http://www.novell.com/linux/security/advisories/2006_13_gpg.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/16889

Source: cve@mitre.org

http://www.novell.com/linux/security/advisories/2006_09_gpg.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.novell.com/linux/security/advisories/2006_13_gpg.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/16889

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.