CVE-2014-0022

The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RMP package signing restriction via an unsigned package.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/56637	Vendor Advisory
http://www.securityfocus.com/bid/65119
http://yum.baseurl.org/gitweb?p=yum.git%3Ba=commitdiff%3Bh=9df69e5794
https://bugzilla.redhat.com/show_bug.cgi?id=1052440
https://bugzilla.redhat.com/show_bug.cgi?id=1057377

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:baseurl:yum::::::::
	cpe:2.3:a:baseurl:yum:3.4.0:::::::*
	cpe:2.3:a:baseurl:yum:3.4.1:::::::*
	cpe:2.3:a:baseurl:yum:3.4.2:::::::*

History

No history.

Information

Published : 2014-01-26 16:58

Updated : 2024-02-04 18:35

NVD link : CVE-2014-0022

Mitre link : CVE-2014-0022

CVE.ORG link : CVE-2014-0022

JSON object : View

Products Affected

baseurl

yum

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2014-0022", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-01-26T16:58:11.197", "references": [{"url": "http://secunia.com/advisories/56637", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/65119", "source": "secalert@redhat.com"}, {"url": "http://yum.baseurl.org/gitweb?p=yum.git%3Ba=commitdiff%3Bh=9df69e5794", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1052440", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1057377", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RMP package signing restriction via an unsigned package."}, {"lang": "es", "value": "La funci\u00f3n installUpdates en yum-cron/yum-cron.py en yum 3.4.3 y anteriores no chequea apropiadamente el valor de retorno de la funci\u00f3n sigCheckPkg, lo cual permite a atacantes remotos sortear la restricci\u00f3n de firmado de paquetes RMP a trav\u00e9s de un paquete no firmado."}], "lastModified": "2023-02-13T00:29:57.690", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:baseurl:yum:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BEBBA1D-0651-459D-98CA-F3215397E869", "versionEndIncluding": "3.4.3"}, {"criteria": "cpe:2.3:a:baseurl:yum:3.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5484C2BC-A606-4537-84F7-9203499E3E93"}, {"criteria": "cpe:2.3:a:baseurl:yum:3.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10E52FC3-4ACA-450D-B5C7-1F153A569F31"}, {"criteria": "cpe:2.3:a:baseurl:yum:3.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BFDAC89-4838-4079-B6C9-0832F6ADCA9F"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}