Bypassing RPM Package Signing Restriction in yum-cron/yum-cron.py

Bypassing RPM Package Signing Restriction in yum-cron/yum-cron.py

CVE-2014-0022 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RMP package signing restriction via an unsigned package.

Learn more about our Web Application Penetration Testing UK.