CVE-2003-0546

up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, which could allow remote attackers to cause unsigned packages to be installed from the Red Hat Network, if that network is compromised.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=106036724315539&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A631
http://marc.info/?l=bugtraq&m=106036724315539&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A631

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:up2date:3.0.7-1::i386:::::
	cpe:2.3:a:redhat:up2date:3.0.7-1::i386_gnome:::::
	cpe:2.3:a:redhat:up2date:3.1.23-1::i386:::::
	cpe:2.3:a:redhat:up2date:3.1.23-1::i386_gnome:::::

History

20 Nov 2024, 23:44

Type	Values Removed	Values Added
References	~~() http://marc.info/?l=bugtraq&m=106036724315539&w=2 -~~	() http://marc.info/?l=bugtraq&m=106036724315539&w=2 -
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A631 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A631 -

Information

Published : 2003-08-27 04:00

Updated : 2024-11-20 23:44

NVD link : CVE-2003-0546

Mitre link : CVE-2003-0546

CVE.ORG link : CVE-2003-0546

JSON object : View

Products Affected

redhat

up2date

CWE

NVD-CWE-Other

{"id": "CVE-2003-0546", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2003-08-27T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=106036724315539&w=2", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A631", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=106036724315539&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A631", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, which could allow remote attackers to cause unsigned packages to be installed from the Red Hat Network, if that network is compromised."}, {"lang": "es", "value": "up2date 3.0.7 3.1.23 no verifica adecuadamente firmas RPM GPG, lo que podr\u00eda permitir a atacantes remotos instalar paquetes sin firmar de la Red Hat Network, si esa red queda comprometida."}], "lastModified": "2024-11-20T23:44:59.407", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:up2date:3.0.7-1:*:i386:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF04F053-8845-4599-A238-6D4B729A558D"}, {"criteria": "cpe:2.3:a:redhat:up2date:3.0.7-1:*:i386_gnome:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A584844-43A9-486A-8E4E-8D20CBD34B8E"}, {"criteria": "cpe:2.3:a:redhat:up2date:3.1.23-1:*:i386:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0238C23-FDB9-4E7B-980C-39AA99AC81F0"}, {"criteria": "cpe:2.3:a:redhat:up2date:3.1.23-1:*:i386_gnome:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B9C6FBD-59FA-4420-B159-48094905668A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}