CVE-2007-3499
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
29/06/2007
Last modified:
15/11/2008
Description
SlackRoll before 8 accepts gpg exit codes other than 0 and 1 as evidence of a valid signature, which allows remote Slackware mirror sites or man-in-the-middle attackers to cause a denial of service (data inconsistency) or possibly install Trojan horse packages via malformed gpg signatures.
Impact
Base Score 2.0
6.40
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:slackroll:slackroll:7:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page