CVE-2007-1263

Published: 06/03/2007 Updated: 16/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

GnuPG 1.4.6 and previous versions and GPGME prior to 1.1.4, when run from the command line, do not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote malicious users to forge the contents of a message without detection.

Vulnerable Product

gnupg gnupg

gnu gpgme

Vendor Advisories

Debian Bug report logs - #413922 SECURITY: multiple message problem Package: gnupg; Maintainer for gnupg is Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>; Source for gnupg is src:gnupg2 (PTS, buildd, popcon) Reported by: Jose Carlos Garcia Sogo <jsogo@debian.org> Date: Wed, 7 Mar 2007 22:36:01 U ...
Gerardo Richarte from Core Security Technologies discovered that when gnupg is used without --status-fd, there is no way to distinguish initial unsigned messages from a following signed message. An attacker could inject an unsigned message, which could fool the user into thinking the message was entirely signed by the original sender ...
USN-432-1 fixed a vulnerability in GnuPG. This update provides the corresponding updates for GnuPG2 and the GPGME library ...
Gerardo Richarte discovered that GnuPG, a free PGP replacement, provides insufficient user feedback if an OpenPGP message contains both unsigned and signed portions. Inserting text segments into an otherwise signed message could be exploited to forge the content of signed messages. This update prevents such attacks; the old behaviour can still be a ...

Exploits

source: www.securityfocus.com/bid/22757/info GnuPG is prone to a weakness that may allow an attacker to add arbitrary content into a message without the end user knowing. An attacker may be able to exploit this issue in applications using GnuPG to add arbitrary content into a signed and/or encrypted message. Exploiting this issue depends ...

References

NVD-CWE-Other
http://www.coresecurity.com/?action=item&id=1687
http://www.securityfocus.com/bid/22757
http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html
https://issues.rpath.com/browse/RPL-1111
http://www.debian.org/security/2007/dsa-1266
http://fedoranews.org/cms/node/2776
http://fedoranews.org/cms/node/2775
http://www.redhat.com/support/errata/RHSA-2007-0106.html
http://www.redhat.com/support/errata/RHSA-2007-0107.html
http://www.ubuntu.com/usn/usn-432-1
http://www.ubuntu.com/usn/usn-432-2
http://www.securitytracker.com/id?1017727
http://secunia.com/advisories/24365
http://secunia.com/advisories/24420
http://secunia.com/advisories/24438
http://secunia.com/advisories/24489
http://secunia.com/advisories/24511
http://secunia.com/advisories/24544
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0008.html
http://secunia.com/advisories/24734
http://secunia.com/advisories/24650
http://support.avaya.com/elmodocs2/security/ASA-2007-144.htm
http://secunia.com/advisories/24875
http://www.mandriva.com/security/advisories?name=MDKSA-2007:059
http://www.trustix.org/errata/2007/0009/
http://secunia.com/advisories/24407
http://secunia.com/advisories/24419
http://securityreason.com/securityalert/2353
http://www.vupen.com/english/advisories/2007/0835
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10496
http://www.securityfocus.com/archive/1/461958/30/7710/threaded
http://www.securityfocus.com/archive/1/461958/100/0/threaded
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413922
https://nvd.nist.gov
https://usn.ubuntu.com/432-1/
https://www.exploit-db.com/exploits/29689/