Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0455

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2006-0455
Last Modified 18 Oct 2011 12:00:00
Published 15 Feb 2006 05:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-0455

Summary

gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".

Vulnerable Systems

Application

  • Gnu Privacy Guard 1.0

  • Gnu Privacy Guard 1.0.1

  • Gnu Privacy Guard 1.0.2

  • Gnu Privacy Guard 1.0.3

  • Gnu Privacy Guard 1.0.3b

  • Gnu Privacy Guard 1.0.4

  • Gnu Privacy Guard 1.0.5

  • Gnu Privacy Guard 1.0.6

  • Gnu Privacy Guard 1.0.7

  • Gnu Privacy Guard 1.2

  • Gnu Privacy Guard 1.2.1

  • Gnu Privacy Guard 1.2.2

  • Gnu Privacy Guard 1.2.3

  • Gnu Privacy Guard 1.2.4

  • Gnu Privacy Guard 1.2.5

  • Gnu Privacy Guard 1.2.6

  • Gnu Privacy Guard 1.2.7

  • Gnu Privacy Guard 1.3.3

  • Gnu Privacy Guard 1.3.4

  • Gnu Privacy Guard 1.4

  • Gnu Privacy Guard 1.4.1

  • Gnu Privacy Guard 1.4.2


References

DEBIAN - DSA-978

SLACKWARE - SSA:2006-072-02

BID - 16663

SUSE - SUSE-SA:2006:009

GENTOO - GLSA-200602-10

SECUNIA - 18968

SECUNIA - 18956

SECUNIA - 18955

SECUNIA - 18942

SECUNIA - 18934

SECUNIA - 18933

MLIST - [gnupg-devel] 20060215 [Announce] False positive signature verification in GnuPG

XF - gnupg-gpgv-improper-verification(24744)

VUPEN - ADV-2006-0610

UBUNTU - USN-252-1

TRUSTIX - 2006-0008

FEDORA - FLSA-2006:185355

BUGTRAQ - 20060215 False positive signature verification in GnuPG

REDHAT - RHSA-2006:0266

OSVDB - 23221

OPENPKG - OpenPKG-SA-2006.001

SUSE - SUSE-SA:2006:013

SUSE - SUSE-SR:2006:005

MANDRIVA - MDKSA-2006:043

SECUNIA - 19532

SECUNIA - 19249

SECUNIA - 19130

SECUNIA - 18845

MLIST - [gnupg-announce] 20060215 False positive signature verification in GnuPG

FEDORA - FEDORA-2006-116

SGI - 20060401-01-U


Last Updated: 27 May 2016 10:41:39