SuSE YaST Online Update Script Signature Verification Bypass Vulnerability

Vulnerability Details

Vulnerability Summary

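The signature verification that YaST Online Update (YOU) performs when handling scripts relies on a gpg feature that was not intended for signature verification. When gpg 1.4.x is used, this feature prevents you from detecting malicious scripts or code that fail the signature check.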

Vulnerability Advisory

The vendor has released upgrade patches that fix this security issue. Patch download links:

S.u.S.E. Linux Professional 10.0

SuSE liby2util-2.12.9-0.4.i586.rpm

SUSE LINUX 10.0:

ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/liby2util-2.12.9-0.4.i586.rpm

SuSE liby2util-2.12.9-0.4.ppc.rpm

SUSE LINUX 10.0:

ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/liby2util-2.12.9-0.4.ppc.rpm

SuSE liby2util-2.12.9-0.4.x86_64.rpm

SUSE LINUX 10.0:

ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/liby2util-2.12.9-0.4.x86_64.rpm

SuSE liby2util-devel-2.12.9-0.4.i586.rpm

SUSE LINUX 10.0:

ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/liby2util-devel-2.12.9-0.4.i586.rpm

SuSE liby2util-devel-2.12.9-0.4.ppc.rpm

SUSE LINUX 10.0:

ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/liby2util-devel-2.12.9-0.4.ppc.rpm

SuSE liby2util-devel-2.12.9-0.4.x86_64.rpm

SUSE LINUX 10.0:

ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/liby2util-devel-2.12.9-0.4.x86_64.rpm

S.u.S.E. Linux Professional 9.1

SuSE gpg-1.2.4-68.10.i586.rpm

SUSE LINUX 9.1:

ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/gpg-1.2.4-68.10.i586.rpm

SuSE gpg-1.2.4-68.10.x86_64.rpm

SUSE LINUX 9.1:

ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/gpg-1.2.4-68.10.x86_64.rpm

SuSE liby2util-2.9.27-0.7.i586.rpm

SUSE LINUX 9.1:

ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/liby2util-2.9.27-0.7.i586.rpm

SuSE liby2util-2.9.27-0.7.x86_64.rpm

SUSE LINUX 9.1:

ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/liby2util-2.9.27-0.7.x86_64.rpm

SuSE liby2util-devel-2.9.27-0.7.i586.rpm

SUSE LINUX 9.1:

ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/liby2util-devel-2.9.27-0.7.i586.rpm

SuSE liby2util-devel-2.9.27-0.7.x86_64.rpm

SUSE LINUX 9.1:

ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/liby2util-devel-2.9.27-0.7.x86_64.rpm

S.u.S.E. Linux Professional 9.2

SuSE gpg-1.2.5-3.4.i586.rpm

SUSE LINUX 9.2:

ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/gpg-1.2.5-3.4.i586.rpm

SuSE gpg-1.2.5-3.4.x86_64.rpm

SUSE LINUX 9.2:

ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/gpg-1.2.5-3.4.x86_64.rpm

SuSE liby2util-2.10.7-0.3.i586.rpm

SUSE LINUX 9.2:

ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/liby2util-2.10.7-0.3.i586.rpm

SuSE liby2util-2.10.7-0.3.x86_64.rpm

SUSE LINUX 9.2:

ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/liby2util-2.10.7-0.3.x86_64.rpm

SuSE liby2util-devel-2.10.7-0.3.i586.rpm

SUSE LINUX 9.2:

ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/liby2util-devel-2.10.7-0.3.i586.rpm

SuSE liby2util-devel-2.10.7-0.3.x86_64.rpm

SUSE LINUX 9.2:

ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/liby2util-devel-2.10.7-0.3.x86_64.rpm

S.u.S.E. Linux Professional 9.3

SuSE liby2util-2.11.7-0.3.i586.rpm

SUSE LINUX 9.3:

ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/liby2util-2.11.7-0.3.i586.rpm

SuSE liby2util-2.11.7-0.3.x86_64.rpm

SUSE LINUX 9.3:

ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/liby2util-2.11.7-0.3.x86_64.rpm

SuSE liby2util-devel-2.11.7-0.3.i586.rpm

SUSE LINUX 9.3:

ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/liby2util-devel-2.11.7-0.3.i586.rpm

SuSE liby2util-devel-2.11.7-0.3.x86_64.rpm

SUSE LINUX 9.3:

ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/liby2util-devel-2.11.7-0.3.x86_64.rpm

References

Source: SUSE

Name: SUSE-SA:2006:009

Link: http://www.novell.com/linux/security/advisories/2006_09_gpg.html

Source: BID

Name: 16889

Link: http://www.securityfocus.com/bid/16889

Source: SUSE

Name: SUSE-SA:2006:013

Link: http://www.novell.com/linux/security/advisories/2006_13_gpg.html
