CVE-2002-2204 - Unspecified vulnerability in Redhat Package Manager
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
The default --checksig setting in RPM Package Manager 4.0.4 checks that a package's signature is valid without listing who signed it, which can allow remote attackers to make it appear that a malicious package comes from a trusted source. A large degree of social engineering and user interaction is necessary to exploit this vulnerability.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 4 |
Statements
contributor | Mark J Cox |
lastmodified | 2006-08-30 |
organization | Red Hat |
statement | We do not believe this is a security vulnerability. This is the documented and expected behaviour of rpm. |