CVE-2006-0049

Published: 13/03/2006 Updated: 19/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

gpg in GnuPG prior to 1.4.2.2 does not properly verify non-detached signatures, which allows malicious users to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.

Vulnerable Products

gnu privacy guard 1.0
gnu privacy guard 1.0.1
gnu privacy guard 1.0.2
gnu privacy guard 1.0.3
gnu privacy guard 1.0.3b
gnu privacy guard 1.0.4
gnu privacy guard 1.0.5
gnu privacy guard 1.0.6
gnu privacy guard 1.0.7
gnu privacy guard 1.2
gnu privacy guard 1.2.1
gnu privacy guard 1.2.2
gnu privacy guard 1.2.3
gnu privacy guard 1.2.4
gnu privacy guard 1.2.5
gnu privacy guard 1.2.6
gnu privacy guard 1.2.7
gnu privacy guard 1.3.3
gnu privacy guard 1.3.4
gnu privacy guard 1.4
gnu privacy guard 1.4.1
gnu privacy guard 1.4.2
gnu privacy guard 1.4.2.1

Vendor Advisories

Debian Bug report logs - #356125 gnupg: does not detect injection of unsigned data. Package: gnupg; Maintainer for gnupg is Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>; Source for gnupg is src:gnupg2 (PTS, buildd, popcon). Reported by: Bart Martens <bartmartens@advalvas.be>. Date: Thu, 9 Mar 200 ...

Tavis Ormandy discovered a flaw in gnupg's signature verification. In some cases, certain invalid signature formats could cause gpg to report a 'good signature' result for auxiliary unsigned data which was prepended or appended to the checked message part ...

Tavis Ormandy noticed that gnupg, the GNU privacy guard - a free PGP replacement, can be tricked to emit a "good signature" status message when a valid signature is included which does not belong to the data packet. This update basically adds fixed packages for woody whose version turned out to be vulnerable as well. For the old stable distribution ...

References

CWE: NVD-CWE-Other

http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html
http://www.debian.org/security/2006/dsa-993
http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml
http://www.securityfocus.com/bid/17058
http://www.osvdb.org/23790
http://securitytracker.com/id?1015749
http://secunia.com/advisories/19173
http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html
http://secunia.com/advisories/19203
http://secunia.com/advisories/19244
http://www.redhat.com/support/errata/RHSA-2006-0266.html
http://www.trustix.org/errata/2006/0014
http://secunia.com/advisories/19231
http://secunia.com/advisories/19249
http://secunia.com/advisories/19287
http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html
http://secunia.com/advisories/19197
http://secunia.com/advisories/19232
http://secunia.com/advisories/19234
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.476477
ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U
http://secunia.com/advisories/19532
http://www.mandriva.com/security/advisories?name=MDKSA-2006:055
http://securityreason.com/securityalert/450
http://securityreason.com/securityalert/568
http://www.vupen.com/english/advisories/2006/0915
https://exchange.xforce.ibmcloud.com/vulnerabilities/25184
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10063
https://usn.ubuntu.com/264-1/
http://www.securityfocus.com/archive/1/433931/100/0/threaded
http://www.securityfocus.com/archive/1/427324/100/0/threaded
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356125
https://nvd.nist.gov