← CVECheck
HomeVulnerabilities

CVE-2002-2204 — HIGH severity vulnerability (The default --checksig setting in RPM Package Manager 4.0.4)

The default --checksig setting in RPM Package Manager 4.0.4 checks that a package's signature is valid without listing who signed it, which can allow remote attackers to make it appear that a malicious package comes from a trusted source.

CVE IDCVE-2002-2204
SeverityHIGH
CVSS score7.5
CVSS vectorAV:N/AC:L/Au:N/C:P/I:P/A:P
CWENVD-CWE-Other
StatusModified
Published2002-12-31
Last modified2026-04-16
DescriptionThe default --checksig setting in RPM Package Manager 4.0.4 checks that a package's signature is valid without listing who signed it, which can allow remote attackers to make it appear that a malicious package comes from a trusted source.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →