SuSE YaST Online Update脚本签名验证绕过漏洞
| CNNVD-ID编号 | CNNVD-200602-363 | CVE编号 | CVE-2006-0803 |
| 发布时间 | 2006-02-23 | 更新时间 | 2006-03-02 |
| 漏洞类型 | 设计错误 | 漏洞来源 | N/A |
| 危险等级 | 中危 | 威胁类型 | 远程 |
| 厂商 | suse | ||
漏洞介绍
YaST Online Update (YOU)脚本处理的签名验证功能取决于并非用于签名验证的gpg功能,在使用gpg 1.4.x时该功能会防止您检测无法通过签名检查的恶意脚本或代码。
漏洞补丁
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
S.u.S.E. Linux Professional 10.0
SuSE liby2util-2.12.9-0.4.i586.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/liby2util-2.12.9 -0.4.i586.rpm
SuSE liby2util-2.12.9-0.4.ppc.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/liby2util-2.12.9- 0.4.ppc.rpm
SuSE liby2util-2.12.9-0.4.x86_64.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/liby2util-2.12 .9-0.4.x86_64.rpm
SuSE liby2util-devel-2.12.9-0.4.i586.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/liby2util-devel- 2.12.9-0.4.i586.rpm
SuSE liby2util-devel-2.12.9-0.4.ppc.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/liby2util-devel-2 .12.9-0.4.ppc.rpm
SuSE liby2util-devel-2.12.9-0.4.x86_64.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/liby2util-deve l-2.12.9-0.4.x86_64.rpm
S.u.S.E. Linux Professional 9.1
SuSE gpg-1.2.4-68.10.i586.rpm
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/gpg-1.2.4-68.10.i 586.rpm
SuSE gpg-1.2.4-68.10.x86_64.rpm
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/gpg-1.2.4-68. 10.x86_64.rpm
SuSE liby2util-2.9.27-0.7.i586.rpm
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/liby2util-2.9.27- 0.7.i586.rpm
SuSE liby2util-2.9.27-0.7.x86_64.rpm
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/liby2util-2.9 .27-0.7.x86_64.rpm
SuSE liby2util-devel-2.9.27-0.7.i586.rpm
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/liby2util-devel-2 .9.27-0.7.i586.rpm
SuSE liby2util-devel-2.9.27-0.7.x86_64.rpm
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/liby2util-dev el-2.9.27-0.7.x86_64.rpm
S.u.S.E. Linux Professional 9.2
SuSE gpg-1.2.5-3.4.i586.rpm
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/gpg-1.2.5-3.4.i58 6.rpm
SuSE gpg-1.2.5-3.4.x86_64.rpm
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/gpg-1.2.5-3.4.x 86_64.rpm
SuSE liby2util-2.10.7-0.3.i586.rpm
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/liby2util-2.10.7- 0.3.i586.rpm
SuSE liby2util-2.10.7-0.3.x86_64.rpm
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/liby2util-2.10. 7-0.3.x86_64.rpm
SuSE liby2util-devel-2.10.7-0.3.i586.rpm
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/liby2util-devel-2 .10.7-0.3.i586.rpm
SuSE liby2util-devel-2.10.7-0.3.x86_64.rpm
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/liby2util-devel -2.10.7-0.3.x86_64.rpm
S.u.S.E. Linux Professional 9.3
SuSE liby2util-2.11.7-0.3.i586.rpm
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/liby2util-2.11.7- 0.3.i586.rpm
SuSE liby2util-2.11.7-0.3.x86_64.rpm
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/liby2util-2.11. 7-0.3.x86_64.rpm
SuSE liby2util-devel-2.11.7-0.3.i586.rpm
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/liby2util-devel-2 .11.7-0.3.i586.rpm
SuSE liby2util-devel-2.11.7-0.3.x86_64.rpm
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/liby2util-devel -2.11.7-0.3.x86_64.rpm
参考网址
来源: SUSE
名称: SUSE-SA:2006:009
链接:http://www.novell.com/linux/security/advisories/2006_09_gpg.html
来源: BID
名称: 16889
链接:http://www.securityfocus.com/bid/16889
受影响实体
Suse Suse_linux:10.0 Suse Suse_linux:9.3信息来源
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200602-363
评论