CVE-2014-0022

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions yum versions 3.4.3 and earlier

Description The issue allows remote attackers to bypass the RMP package signing restriction, potentially leading to a violation of protected information integrity. This can be exploited remotely. The installUpdates function in yum-cron/yum-cron.py does not properly check the return value of the sigCheckPkg function, enabling the bypass via an unsigned package.

Recommendations For versions 3.4.3 and earlier, as a temporary workaround, consider disabling the installUpdates function until a patch is available. Restrict access to unsigned packages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2015-07747

BDU:2015-09089

CVE-2014-0022

RHSA-2014:1004

RHSA-2014_1004

Affected Products

Red Hat

Yum

CVE-2014-0022

Weakness Enumeration

Related Identifiers

Affected Products

References · 16