Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, which could allow remote attackers to cause unsigned packages to be installed from the Red Hat Network, if that network is compromised.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Red Hat Linux Up2Date GPG签名冲突漏洞
Vulnerability Description
Red Hat Linux Up2Date是一款系统自动升级工具。 Red Hat Linux Up2Date不充分验证从网络下载的RPM包的GPG签名,远程攻击者可以利用这个漏洞提供没有签名的RPM包,下载并安装到目标系统里。 不过要利用这个漏洞,需要攻击者控制RedHat网络,但是由于使用up2date升级,通过SSL连接RedHat网络服务,并需要验证,因此基本不可能截获连接信息。所以只有入侵RedHat网络才能利用此漏洞。
CVSS Information
N/A
Vulnerability Type
N/A