Strix
26.1K

CVE-2007-3499

UnknownEPSS 0.86%

Last modified

CVE-2007-3499 is a vulnerability of currently unknown severity. SlackRoll before 8 accepts gpg exit codes other than 0 and 1 as evidence of a valid signature, which allows remote Slackware mirror sites or man-in-the-middle attackers to cause a denial of service (data inconsistency) or possibly install Trojan horse packages via malformed gpg signatures.. EPSS estimates a 0.86% chance of exploitation in the next 30 days.

Description

SlackRoll before 8 accepts gpg exit codes other than 0 and 1 as evidence of a valid signature, which allows remote Slackware mirror sites or man-in-the-middle attackers to cause a denial of service (data inconsistency) or possibly install Trojan horse packages via malformed gpg signatures.

Metrics

EPSS Probability
0.86%

54.0th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
SlackrollSlackroll7

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2007-3499?
SlackRoll before 8 accepts gpg exit codes other than 0 and 1 as evidence of a valid signature, which allows remote Slackware mirror sites or man-in-the-middle attackers to cause a denial of service (data inconsistency) or possibly install Trojan horse packages via malformed gpg signatures.
How severe is CVE-2007-3499?
Severity scoring for CVE-2007-3499 is pending analysis. The EPSS model estimates a 0.86% probability of exploitation in the next 30 days.
How do I fix CVE-2007-3499?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-3499?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST