Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0049

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-0049
Last Modified 07 Mar 2011 09:29:13
Published 13 Mar 2006 04:06:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0049

Summary

gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.

Vulnerable Systems

Application

  • Gnu Privacy Guard 1.0

  • Gnu Privacy Guard 1.0.1

  • Gnu Privacy Guard 1.0.2

  • Gnu Privacy Guard 1.0.3

  • Gnu Privacy Guard 1.0.3b

  • Gnu Privacy Guard 1.0.4

  • Gnu Privacy Guard 1.0.5

  • Gnu Privacy Guard 1.0.6

  • Gnu Privacy Guard 1.0.7

  • Gnu Privacy Guard 1.2

  • Gnu Privacy Guard 1.2.1

  • Gnu Privacy Guard 1.2.2

  • Gnu Privacy Guard 1.2.3

  • Gnu Privacy Guard 1.2.4

  • Gnu Privacy Guard 1.2.5

  • Gnu Privacy Guard 1.2.6

  • Gnu Privacy Guard 1.2.7

  • Gnu Privacy Guard 1.3.3

  • Gnu Privacy Guard 1.3.4

  • Gnu Privacy Guard 1.4

  • Gnu Privacy Guard 1.4.1

  • Gnu Privacy Guard 1.4.2

  • Gnu Privacy Guard 1.4.2.1


References

BID - 17058

BUGTRAQ - 20060309 GnuPG does not detect injection of unsigned data

OSVDB - 23790

GENTOO - GLSA-200603-08

DEBIAN - DSA-993

SECTRACK - 1015749

SECUNIA - 19173

MLIST - [gnupg-announce] 20060309 [Announce] GnuPG does not detect injection of unsigned data

VUPEN - ADV-2006-0915

UBUNTU - USN-264-1

XF - gnupg-nondetached-sig-verification(25184)

TRUSTIX - 2006-0014

SLACKWARE - SSA:2006-072-02

FEDORA - FLSA-2006:185355

REDHAT - RHSA-2006:0266

FEDORA - FEDORA-2006-147

MANDRIVA - MDKSA-2006:055

SREASON - 568

SREASON - 450

SECUNIA - 19532

SECUNIA - 19287

SECUNIA - 19249

SECUNIA - 19244

SECUNIA - 19234

SECUNIA - 19232

SECUNIA - 19231

SECUNIA - 19203

SECUNIA - 19197

SUSE - SUSE-SA:2006:014

SGI - 20060401-01-U


Last Updated: 27 May 2016 10:41:30