HPI-VDB — Database for IT-Attack Analysis


ID: CVE-2003-0546

Last Modified: Oct. 11, 2017

up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, which could allow remote attackers to cause unsigned packages to be installed from the Red Hat Network, if that network is compromised.

Access Vector: Network

Access Complexity: Low

Authentication: None

Confidentiality Impact: Partial

Integrity Impact: Partial

Availability Impact: Partial

Base Score: 7.5

Exploitability Score: 10.0

Impact Score: 6.4

CVSS V2: AV:N/AC:L/Au:N/C:P/I:P/A:P

Specialize CVSS-Score

NVD-CWE-Other

Condition Configuration
OR
OR
Alle Schwachstellen für redhat
Alle Schwachstellen für redhat
Alle Schwachstellen für redhat
Alle Schwachstellen für redhat 
                    <?xml version="1.0" ?>
<set operator="and">
    <set operator="or">
        <prop key="application" value="cpe:2.3:a:redhat:up2date:3.0.7-1:*:i386:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:redhat:up2date:3.1.23-1:*:i386_gnome:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:redhat:up2date:3.0.7-1:*:i386_gnome:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:redhat:up2date:3.1.23-1:*:i386:*:*:*:*:*"/>
    </set>
    <prop key="program_influence" value="input"/>
    <prop key="range" value="remote"/>
</set>

                  
                      <?xml version="1.0" ?>
<set operator="and">
    <prop key="target" value="host"/>
    <set operator="or">
        <prop key="program_influence" value="input"/>
        <prop key="program_influence" value="output"/>
        <prop key="program_influence" value="existence"/>
    </set>
    <prop key="data" value="any"/>
    <set operator="or">
        <prop key="data_influence" value="read"/>
        <prop key="data_influence" value="write"/>
        <prop key="data_influence" value="delete"/>
    </set>
    <set operator="or">
        <prop key="range" value="remote"/>
        <prop key="range" value="local"/>
    </set>
</set>