Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 10.0
CVE Id: CVE-2003-0255
Last Modified: 10 Sep 2008 03:18:25
Published: 27 May 2003 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2003-0255

Summary

The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs: it assigns every user ID on the key the validity of the most valid user ID. As a result, GnuPG does not warn the encrypting user when a user ID does not have a trusted path.

Vulnerable Systems

Application

  • Gnu Privacy Guard 1.2.1


References

CERT-VN - VU#397604

REDHAT - RHSA-2003:175

BUGTRAQ - 20030504 Key validity bug in GnuPG 1.2.1 and earlier

XF - gnupg-invalid-key-acceptance(11930)

BID - 7497

REDHAT - RHSA-2003:176

OSVDB - 4947

TURBO - TLSA200334

MANDRAKE - MDKSA-2003:061

MISC - http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html

ENGARDE - 20030515-016

BUGTRAQ - 20030522 [slackware-security] GnuPG key validation fix (SSA:2003-141-04)

BUGTRAQ - 20030516 [OpenPKG-SA-2003.029] OpenPKG Security Advisory (gnupg)

ENGARDE - ESA-20030515-016

CONECTIVA - CLA-2003:694


Last Updated: 27 May 2016 10:37:50