发布时间 :2006-02-23 15:02:00
修订时间 :2008-09-05 17:00:15

[原文]The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used.

[CNNVD]SuSE YaST Online Update脚本签名验证绕过漏洞(CNNVD-200602-363)

        YaST Online Update (YOU)脚本处理的签名验证功能取决于并非用于签名验证的gpg功能,在使用gpg 1.4.x时该功能会防止您检测无法通过签名检查的恶意脚本或代码。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:suse:suse_linux:9.3SuSE SuSE Linux 9.3

- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  BID  16889

- 漏洞信息

SuSE YaST Online Update脚本签名验证绕过漏洞
中危 设计错误
2006-02-23 00:00:00 2006-03-02 00:00:00
        YaST Online Update (YOU)脚本处理的签名验证功能取决于并非用于签名验证的gpg功能,在使用gpg 1.4.x时该功能会防止您检测无法通过签名检查的恶意脚本或代码。

- 公告与补丁

        S.u.S.E. Linux Professional 10.0
        SuSE liby2util-2.12.9-0.4.i586.rpm
        SUSE LINUX 10.0: -0.4.i586.rpm
        SuSE liby2util-2.12.9-0.4.ppc.rpm
        SUSE LINUX 10.0: 0.4.ppc.rpm
        SuSE liby2util-2.12.9-0.4.x86_64.rpm
        SUSE LINUX 10.0: .9-0.4.x86_64.rpm
        SuSE liby2util-devel-2.12.9-0.4.i586.rpm
        SUSE LINUX 10.0: 2.12.9-0.4.i586.rpm
        SuSE liby2util-devel-2.12.9-0.4.ppc.rpm
        SUSE LINUX 10.0: .12.9-0.4.ppc.rpm
        SuSE liby2util-devel-2.12.9-0.4.x86_64.rpm
        SUSE LINUX 10.0: l-2.12.9-0.4.x86_64.rpm
        S.u.S.E. Linux Professional 9.1
        SuSE gpg-1.2.4-68.10.i586.rpm
        SUSE LINUX 9.1: 586.rpm
        SuSE gpg-1.2.4-68.10.x86_64.rpm
        SUSE LINUX 9.1: 10.x86_64.rpm
        SuSE liby2util-2.9.27-0.7.i586.rpm
        SUSE LINUX 9.1: 0.7.i586.rpm
        SuSE liby2util-2.9.27-0.7.x86_64.rpm
        SUSE LINUX 9.1: .27-0.7.x86_64.rpm
        SuSE liby2util-devel-2.9.27-0.7.i586.rpm
        SUSE LINUX 9.1: .9.27-0.7.i586.rpm
        SuSE liby2util-devel-2.9.27-0.7.x86_64.rpm
        SUSE LINUX 9.1: el-2.9.27-0.7.x86_64.rpm
        S.u.S.E. Linux Professional 9.2
        SuSE gpg-1.2.5-3.4.i586.rpm
        SUSE LINUX 9.2: 6.rpm
        SuSE gpg-1.2.5-3.4.x86_64.rpm
        SUSE LINUX 9.2: 86_64.rpm
        SuSE liby2util-2.10.7-0.3.i586.rpm
        SUSE LINUX 9.2: 0.3.i586.rpm
        SuSE liby2util-2.10.7-0.3.x86_64.rpm
        SUSE LINUX 9.2: 7-0.3.x86_64.rpm
        SuSE liby2util-devel-2.10.7-0.3.i586.rpm
        SUSE LINUX 9.2: .10.7-0.3.i586.rpm
        SuSE liby2util-devel-2.10.7-0.3.x86_64.rpm
        SUSE LINUX 9.2: -2.10.7-0.3.x86_64.rpm
        S.u.S.E. Linux Professional 9.3
        SuSE liby2util-2.11.7-0.3.i586.rpm
        SUSE LINUX 9.3: 0.3.i586.rpm
        SuSE liby2util-2.11.7-0.3.x86_64.rpm
        SUSE LINUX 9.3: 7-0.3.x86_64.rpm
        SuSE liby2util-devel-2.11.7-0.3.i586.rpm
        SUSE LINUX 9.3: .11.7-0.3.i586.rpm
        SuSE liby2util-devel-2.11.7-0.3.x86_64.rpm
        SUSE LINUX 9.3: -2.11.7-0.3.x86_64.rpm

- 漏洞信息

SuSE YaST YaST Online Update (YOU) Signature Verification Bypass

- 漏洞描述

Unknown or Incomplete

- 时间线

2006-02-20 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

SuSE YaST Online Update Script Signature Verification Bypass Vulnerability
Design Error 16889
Yes No
2006-02-20 12:00:00 2006-12-14 06:43:00
Announced by the vendor.

- 受影响的程序版本

SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
S.u.S.E. UnitedLinux 1.0
S.u.S.E. Open-Enterprise-Server 1
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0

- 漏洞讨论

SuSE YaST Online Update (YOU) is prone to a signature-bypass vulnerability. This could allow any script to be supplied and executed by the YOU utility. To exploit this issue, an attacker would have to be able to manipulate files on a YOU mirror or perform a man-in-the-middle attack.

- 漏洞利用

Exploit code is not required.

- 解决方案

Please see the referenced vendor advisories for details on obtaining and applying fixes.

S.u.S.E. Linux Professional 10.0

S.u.S.E. Linux Professional 9.1

S.u.S.E. Linux Professional 9.2

S.u.S.E. Linux Professional 9.3

- 相关参考