CVE-2014-0022

Published Jan 26, 2014

Last updated 2 years ago

Overview

Description: The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RMP package signing restriction via an unsigned package.
Source: secalert@redhat.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-20

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:baseurl:yum:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1BEBBA1D-0651-459D-98CA-F3215397E869",
            "versionEndIncluding": "3.4.3"
          },
          {
            "criteria": "cpe:2.3:a:baseurl:yum:3.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5484C2BC-A606-4537-84F7-9203499E3E93"
          },
          {
            "criteria": "cpe:2.3:a:baseurl:yum:3.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10E52FC3-4ACA-450D-B5C7-1F153A569F31"
          },
          {
            "criteria": "cpe:2.3:a:baseurl:yum:3.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7BFDAC89-4838-4079-B6C9-0832F6ADCA9F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References