Vulnerabilities > CVE-2006-0803

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
suse
novell
nessus
NVD
Published: 2006-02-23
Updated: 2024-11-21

Summary

The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used.

Vulnerable Configurations

Part Description Count
OS
Suse
1
OS
Novell
1

Nessus

NASL familySuSE Local Security Checks
NASL idSUSE9_10892.NASL
descriptionGPG signed files were checked by YAST using a method of GPG that was not using correct signature verification methods. This is tracked by the Mitre CVE ID CVE-2006-0803.
last seen2020-06-01
modified2020-06-02
plugin id41087
published2009-09-24
reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/41087
titleSuSE9 Security Update : liby2util (YOU Patch Number 10892)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#

include("compat.inc");

if (description)
{
  script_id(41087);
  script_version("1.7");
  script_cvs_date("Date: 2019/10/25 13:36:28");

  script_cve_id("CVE-2006-0803");

  script_name(english:"SuSE9 Security Update : liby2util (YOU Patch Number 10892)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 9 host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"GPG signed files were checked by YAST using a method of GPG that was
not using correct signature verification methods.

This is tracked by the Mitre CVE ID CVE-2006-0803."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2006-0803/"
  );
  script_set_attribute(attribute:"solution", value:"Apply YOU patch number 10892.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/02/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented.");


flag = 0;
if (rpm_check(release:"SUSE9", reference:"liby2util-2.9.27-0.7")) flag++;
if (rpm_check(release:"SUSE9", reference:"liby2util-devel-2.9.27-0.7")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else exit(0, "The host is not affected.");

References