Unrated severityNVD Advisory· Published Dec 31, 2002· Updated Jun 16, 2026

CVE-2002-2204

Description

The default --checksig setting in RPM Package Manager 4.0.4 checks that a package's signature is valid without listing who signed it, which can allow remote attackers to make it appear that a malicious package comes from a trusted source.

Affected products

Red Hat/Redhat Package Manager4 versions
cpe:2.3:a:redhat:redhat_package_manager:4.0.2-71:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:redhat:redhat_package_manager:4.0.2-71:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:redhat_package_manager:4.0.2-72:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:redhat_package_manager:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:redhat_package_manager:4.0.4:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/5594nvdPatch
lists.netsys.com/pipermail/full-disclosure/2002-August/001167.htmlnvd
www.iss.net/security_center/static/10011.phpnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000