Vulnerabilities > CVE-2007-3499 - Denial-Of-Service vulnerability in Slackroll 7
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
PARTIAL Summary
SlackRoll before 8 accepts gpg exit codes other than 0 and 1 as evidence of a valid signature, which allows remote Slackware mirror sites or man-in-the-middle attackers to cause a denial of service (data inconsistency) or possibly install Trojan horse packages via malformed gpg signatures.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |