CVE-2006-0455

Published: 15/02/2006 Updated: 07/11/2023
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 465
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

gpgv in GnuPG prior to 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".

Vulnerable Products

gnu privacy guard 1.4.2

gnu privacy guard 1.4

gnu privacy guard 1.4.1

gnu privacy guard 1.0.3

gnu privacy guard 1.2.1

gnu privacy guard 1.0.7

gnu privacy guard 1.0.5

gnu privacy guard 1.0.6

gnu privacy guard 1.3.3

gnu privacy guard 1.2.2

gnu privacy guard 1.0

gnu privacy guard 1.0.2

gnu privacy guard 1.2.3

gnu privacy guard 1.2.6

gnu privacy guard 1.2.5

gnu privacy guard 1.0.4

gnu privacy guard 1.3.4

gnu privacy guard 1.0.1

gnu privacy guard 1.0.3b

gnu privacy guard 1.2

gnu privacy guard 1.2.7

gnu privacy guard 1.2.4

Vendor Advisories

Debian Bug report logs - #353017 gnupg: False positive signature verification in GnuPG. Package: gnupg; Maintainer for gnupg is Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>; Source for gnupg is src:gnupg2 (PTS, buildd, popcon). Reported by: Micah Anderson <micah@debian.org>. Date: Wed, 15 Feb 2006 ...
Tavis Ormandy discovered a potential weakness in the signature verification of gnupg. gpgv and gpg --verify returned a successful exit code even if the checked file did not have any signature at all. The recommended way of checking the result is to evaluate the status messages, but some third party applications might just check the exit code for d ...
Tavis Ormandy noticed that gnupg, the GNU privacy guard - a free PGP replacement, verifies external signatures of files successfully even though they don't contain a signature at all. For the old stable distribution (woody) this problem has been fixed in version 1.0.6-4woody4. For the stable distribution (sarge) this problem has been fixed in versi ...
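The summary and the advisory above both point to the same defensive fix: a caller of gpgv must not treat a zero exit code as proof of a signature, but must read the --status-fd lines and require an explicit good signature. The wrapper below is an added example written for this page, not GnuPG code or anything from the advisories; it assumes the standard gpgv options --status-fd and --keyring, the placeholder key id, fingerprint and signer are invented, and the status streams it is tested against are constructed.

```python
"""Judge a gpgv run by its "[GNUPG:] ..." status lines, never by exit code alone."""
import subprocess
from typing import Optional, Set

STATUS_PREFIX = "[GNUPG:] "
# Any of these keywords rejects the run, whatever else the stream contains.
NEGATIVE = {"BADSIG", "ERRSIG", "NODATA", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}


def signature_verified(status_output: str, allowed_fprs: Optional[Set[str]] = None) -> bool:
    """True only if a GOODSIG/VALIDSIG pair is present and nothing negative is."""
    seen, valid_fprs = set(), set()
    for line in status_output.splitlines():
        if not line.startswith(STATUS_PREFIX):
            continue  # ignore non-status chatter mixed into the stream
        fields = line[len(STATUS_PREFIX):].split()
        if not fields:
            continue
        seen.add(fields[0])
        if fields[0] == "VALIDSIG" and len(fields) > 1:
            valid_fprs.add(fields[1].upper())  # full fingerprint of the signing key
    if seen & NEGATIVE:
        return False  # fail closed on bad, expired, revoked or missing signatures
    if "GOODSIG" not in seen or not valid_fprs:
        return False  # no signature at all: exactly the CVE-2006-0455 case
    if allowed_fprs is not None:
        return valid_fprs <= {f.upper() for f in allowed_fprs}  # only pinned signers
    return True


def run_gpgv(keyring: str, sig_path: str, data_path: str, allowed_fprs=None) -> bool:
    """Run gpgv with status lines on stdout; the exit code is deliberately ignored."""
    proc = subprocess.run(
        ["gpgv", "--status-fd", "1", "--keyring", keyring, sig_path, data_path],
        capture_output=True, text=True, check=False)
    return signature_verified(proc.stdout, allowed_fprs)


# Constructed status streams (placeholder key id, fingerprint and signer).
GOOD_STATUS = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] GOODSIG 0123456789ABCDEF Example Signer <signer@example.invalid>\n"
    "[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2006-02-15 "
    "1139961600 0 4 0 1 2 00 0123456789ABCDEF0123456789ABCDEF01234567\n")
EMPTY_STATUS = ""                       # nothing emitted: a file with no signature
NODATA_STATUS = "[GNUPG:] NODATA 1\n"   # no signature packet found
BADSIG_STATUS = "[GNUPG:] BADSIG 0123456789ABCDEF Example Signer <signer@example.invalid>\n"
```

Passing a set of expected fingerprints to run_gpgv additionally pins the accepted signers, so a good signature from some other key in the keyring is still rejected.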

Exploits

source: www.securityfocus.com/bid/16663/info
GnuPG is affected by a detached signature verification-bypass vulnerability because it fails to properly notify scripts that an invalid detached signature was presented and that the verification process has failed. Exploiting this issue allows attackers to bypass the signature-verification proce ...

References

CWE: NVD-CWE-Other

http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html
http://secunia.com/advisories/18845
http://www.us.debian.org/security/2006/dsa-978
http://fedoranews.org/updates/FEDORA-2006-116.shtml
http://www.openpkg.org/security/OpenPKG-SA-2006.001-gnupg.html
http://www.ubuntu.com/usn/usn-252-1
http://www.osvdb.org/23221
http://secunia.com/advisories/18934
http://secunia.com/advisories/18933
http://secunia.com/advisories/18942
http://secunia.com/advisories/18955
http://www.gentoo.org/security/en/glsa/glsa-200602-10.xml
http://www.novell.com/linux/security/advisories/2006_09_gpg.html
http://secunia.com/advisories/18956
http://secunia.com/advisories/18968
http://www.trustix.org/errata/2006/0008
http://www.securityfocus.com/bid/16663
http://www.novell.com/linux/security/advisories/2006_05_sr.html
http://secunia.com/advisories/19130
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.476477
http://www.redhat.com/support/errata/RHSA-2006-0266.html
http://secunia.com/advisories/19249
ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U
http://secunia.com/advisories/19532
http://www.novell.com/linux/security/advisories/2006_13_gpg.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:043
http://www.vupen.com/english/advisories/2006/0610
http://marc.info/?l=gnupg-devel&m=113999098729114&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/24744
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10084
http://www.securityfocus.com/archive/1/433931/100/0/threaded
http://www.securityfocus.com/archive/1/425289/100/0/threaded
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=353017
https://usn.ubuntu.com/252-1/
https://nvd.nist.gov
https://www.exploit-db.com/exploits/27231/