Search
Find a vulnerability
Search criteria
20 vulnerabilities found for privacy_guard by gnu
CVE-2006-6235 (GCVE-0-2006-6235)
Vulnerability from nvd – Published: 2006-12-07 11:00 – Updated: 2024-08-07 20:19
VLAI
Summary
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
35 references
Date Public
2006-12-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:19:35.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1017349",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017349"
},
{
"name": "23269",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23269"
},
{
"name": "23303",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23303"
},
{
"name": "20061206 rPSA-2006-0227-1 gnupg",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/453723/100/0/threaded"
},
{
"name": "23255",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23255"
},
{
"name": "USN-393-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-393-1"
},
{
"name": "23513",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23513"
},
{
"name": "23284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23284"
},
{
"name": "USN-393-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-393-2"
},
{
"name": "23245",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23245"
},
{
"name": "[gnupg-announce] GnuPG: remotely controllable function pointer [CVE-2006-6235]",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html"
},
{
"name": "VU#427009",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/427009"
},
{
"name": "SUSE-SR:2006:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_28_sr.html"
},
{
"name": "RHSA-2006:0754",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0754.html"
},
{
"name": "DSA-1231",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1231"
},
{
"name": "20061206 GnuPG: remotely controllable function pointer [CVE-2006-6235]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/453664/100/0/threaded"
},
{
"name": "23335",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23335"
},
{
"name": "23299",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23299"
},
{
"name": "21462",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21462"
},
{
"name": "2006-0070",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2006/0070"
},
{
"name": "23329",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23329"
},
{
"name": "GLSA-200612-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200612-03.xml"
},
{
"name": "23259",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23259"
},
{
"name": "MDKSA-2006:228",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:228"
},
{
"name": "23290",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23290"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-835"
},
{
"name": "SUSE-SA:2006:075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm"
},
{
"name": "ADV-2006-4881",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4881"
},
{
"name": "oval:org.mitre.oval:def:11245",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11245"
},
{
"name": "23250",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23250"
},
{
"name": "20061201-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc"
},
{
"name": "gnupg-openpgp-code-execution(30711)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30711"
},
{
"name": "OpenPKG-SA-2006.037",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG",
"x_transferred"
],
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html"
},
{
"name": "24047",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24047"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A \"stack overwrite\" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1017349",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017349"
},
{
"name": "23269",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23269"
},
{
"name": "23303",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23303"
},
{
"name": "20061206 rPSA-2006-0227-1 gnupg",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/453723/100/0/threaded"
},
{
"name": "23255",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23255"
},
{
"name": "USN-393-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-393-1"
},
{
"name": "23513",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23513"
},
{
"name": "23284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23284"
},
{
"name": "USN-393-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-393-2"
},
{
"name": "23245",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23245"
},
{
"name": "[gnupg-announce] GnuPG: remotely controllable function pointer [CVE-2006-6235]",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html"
},
{
"name": "VU#427009",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/427009"
},
{
"name": "SUSE-SR:2006:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_28_sr.html"
},
{
"name": "RHSA-2006:0754",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0754.html"
},
{
"name": "DSA-1231",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1231"
},
{
"name": "20061206 GnuPG: remotely controllable function pointer [CVE-2006-6235]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/453664/100/0/threaded"
},
{
"name": "23335",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23335"
},
{
"name": "23299",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23299"
},
{
"name": "21462",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21462"
},
{
"name": "2006-0070",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2006/0070"
},
{
"name": "23329",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23329"
},
{
"name": "GLSA-200612-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200612-03.xml"
},
{
"name": "23259",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23259"
},
{
"name": "MDKSA-2006:228",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:228"
},
{
"name": "23290",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23290"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-835"
},
{
"name": "SUSE-SA:2006:075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm"
},
{
"name": "ADV-2006-4881",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4881"
},
{
"name": "oval:org.mitre.oval:def:11245",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11245"
},
{
"name": "23250",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23250"
},
{
"name": "20061201-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc"
},
{
"name": "gnupg-openpgp-code-execution(30711)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30711"
},
{
"name": "OpenPKG-SA-2006.037",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG"
],
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html"
},
{
"name": "24047",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24047"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A \"stack overwrite\" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017349",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017349"
},
{
"name": "23269",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23269"
},
{
"name": "23303",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23303"
},
{
"name": "20061206 rPSA-2006-0227-1 gnupg",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453723/100/0/threaded"
},
{
"name": "23255",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23255"
},
{
"name": "USN-393-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-393-1"
},
{
"name": "23513",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23513"
},
{
"name": "23284",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23284"
},
{
"name": "USN-393-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-393-2"
},
{
"name": "23245",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23245"
},
{
"name": "[gnupg-announce] GnuPG: remotely controllable function pointer [CVE-2006-6235]",
"refsource": "MLIST",
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html"
},
{
"name": "VU#427009",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/427009"
},
{
"name": "SUSE-SR:2006:028",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_28_sr.html"
},
{
"name": "RHSA-2006:0754",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0754.html"
},
{
"name": "DSA-1231",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1231"
},
{
"name": "20061206 GnuPG: remotely controllable function pointer [CVE-2006-6235]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453664/100/0/threaded"
},
{
"name": "23335",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23335"
},
{
"name": "23299",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23299"
},
{
"name": "21462",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21462"
},
{
"name": "2006-0070",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0070"
},
{
"name": "23329",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23329"
},
{
"name": "GLSA-200612-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200612-03.xml"
},
{
"name": "23259",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23259"
},
{
"name": "MDKSA-2006:228",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:228"
},
{
"name": "23290",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23290"
},
{
"name": "https://issues.rpath.com/browse/RPL-835",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-835"
},
{
"name": "SUSE-SA:2006:075",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm"
},
{
"name": "ADV-2006-4881",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4881"
},
{
"name": "oval:org.mitre.oval:def:11245",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11245"
},
{
"name": "23250",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23250"
},
{
"name": "20061201-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc"
},
{
"name": "gnupg-openpgp-code-execution(30711)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30711"
},
{
"name": "OpenPKG-SA-2006.037",
"refsource": "OPENPKG",
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html"
},
{
"name": "24047",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24047"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6235",
"datePublished": "2006-12-07T11:00:00.000Z",
"dateReserved": "2006-12-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:19:35.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0049 (GCVE-0-2006-0049)
Vulnerability from nvd – Published: 2006-03-13 21:00 – Updated: 2024-08-07 16:18
VLAI
Summary
gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
31 references
Date Public
2006-03-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:18:20.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-264-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/264-1/"
},
{
"name": "19249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19249"
},
{
"name": "ADV-2006-0915",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0915"
},
{
"name": "RHSA-2006:0266",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0266.html"
},
{
"name": "20060401-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name": "[gnupg-announce] 20060309 [Announce] GnuPG does not detect injection of unsigned data",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html"
},
{
"name": "450",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/450"
},
{
"name": "19232",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19232"
},
{
"name": "23790",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23790"
},
{
"name": "SSA:2006-072-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.476477"
},
{
"name": "19173",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19173"
},
{
"name": "FLSA-2006:185355",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/433931/100/0/threaded"
},
{
"name": "17058",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17058"
},
{
"name": "568",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/568"
},
{
"name": "oval:org.mitre.oval:def:10063",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10063"
},
{
"name": "19287",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19287"
},
{
"name": "2006-0014",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2006/0014"
},
{
"name": "1015749",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015749"
},
{
"name": "19532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19532"
},
{
"name": "SUSE-SA:2006:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html"
},
{
"name": "GLSA-200603-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml"
},
{
"name": "gnupg-nondetached-sig-verification(25184)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25184"
},
{
"name": "19234",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19234"
},
{
"name": "FEDORA-2006-147",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html"
},
{
"name": "19197",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19197"
},
{
"name": "19244",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19244"
},
{
"name": "19203",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19203"
},
{
"name": "MDKSA-2006:055",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:055"
},
{
"name": "20060309 GnuPG does not detect injection of unsigned data",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/427324/100/0/threaded"
},
{
"name": "19231",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19231"
},
{
"name": "DSA-993",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-993"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "USN-264-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/264-1/"
},
{
"name": "19249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19249"
},
{
"name": "ADV-2006-0915",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0915"
},
{
"name": "RHSA-2006:0266",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0266.html"
},
{
"name": "20060401-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name": "[gnupg-announce] 20060309 [Announce] GnuPG does not detect injection of unsigned data",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html"
},
{
"name": "450",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/450"
},
{
"name": "19232",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19232"
},
{
"name": "23790",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23790"
},
{
"name": "SSA:2006-072-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.476477"
},
{
"name": "19173",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19173"
},
{
"name": "FLSA-2006:185355",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.securityfocus.com/archive/1/433931/100/0/threaded"
},
{
"name": "17058",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17058"
},
{
"name": "568",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/568"
},
{
"name": "oval:org.mitre.oval:def:10063",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10063"
},
{
"name": "19287",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19287"
},
{
"name": "2006-0014",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2006/0014"
},
{
"name": "1015749",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015749"
},
{
"name": "19532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19532"
},
{
"name": "SUSE-SA:2006:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html"
},
{
"name": "GLSA-200603-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml"
},
{
"name": "gnupg-nondetached-sig-verification(25184)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25184"
},
{
"name": "19234",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19234"
},
{
"name": "FEDORA-2006-147",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html"
},
{
"name": "19197",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19197"
},
{
"name": "19244",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19244"
},
{
"name": "19203",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19203"
},
{
"name": "MDKSA-2006:055",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:055"
},
{
"name": "20060309 GnuPG does not detect injection of unsigned data",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/427324/100/0/threaded"
},
{
"name": "19231",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19231"
},
{
"name": "DSA-993",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-993"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2006-0049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-264-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/264-1/"
},
{
"name": "19249",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19249"
},
{
"name": "ADV-2006-0915",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0915"
},
{
"name": "RHSA-2006:0266",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0266.html"
},
{
"name": "20060401-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name": "[gnupg-announce] 20060309 [Announce] GnuPG does not detect injection of unsigned data",
"refsource": "MLIST",
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html"
},
{
"name": "450",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/450"
},
{
"name": "19232",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19232"
},
{
"name": "23790",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23790"
},
{
"name": "SSA:2006-072-02",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.476477"
},
{
"name": "19173",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19173"
},
{
"name": "FLSA-2006:185355",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/433931/100/0/threaded"
},
{
"name": "17058",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17058"
},
{
"name": "568",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/568"
},
{
"name": "oval:org.mitre.oval:def:10063",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10063"
},
{
"name": "19287",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19287"
},
{
"name": "2006-0014",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0014"
},
{
"name": "1015749",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015749"
},
{
"name": "19532",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19532"
},
{
"name": "SUSE-SA:2006:014",
"refsource": "SUSE",
"url": "http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html"
},
{
"name": "GLSA-200603-08",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml"
},
{
"name": "gnupg-nondetached-sig-verification(25184)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25184"
},
{
"name": "19234",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19234"
},
{
"name": "FEDORA-2006-147",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html"
},
{
"name": "19197",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19197"
},
{
"name": "19244",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19244"
},
{
"name": "19203",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19203"
},
{
"name": "MDKSA-2006:055",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:055"
},
{
"name": "20060309 GnuPG does not detect injection of unsigned data",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427324/100/0/threaded"
},
{
"name": "19231",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19231"
},
{
"name": "DSA-993",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-993"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2006-0049",
"datePublished": "2006-03-13T21:00:00.000Z",
"dateReserved": "2005-12-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:18:20.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0455 (GCVE-0-2006-0455)
Vulnerability from nvd – Published: 2006-02-15 22:00 – Updated: 2024-08-07 16:34
VLAI
Summary
gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
32 references
Date Public
2006-02-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:34:14.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16663",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16663"
},
{
"name": "18956",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18956"
},
{
"name": "2006-0008",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2006/0008"
},
{
"name": "[gnupg-devel] 20060215 [Announce] False positive signature verification in GnuPG",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=gnupg-devel\u0026m=113999098729114\u0026w=2"
},
{
"name": "OpenPKG-SA-2006.001",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG",
"x_transferred"
],
"url": "http://www.openpkg.org/security/OpenPKG-SA-2006.001-gnupg.html"
},
{
"name": "19249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19249"
},
{
"name": "SUSE-SR:2006:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html"
},
{
"name": "RHSA-2006:0266",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0266.html"
},
{
"name": "SUSE-SA:2006:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_13_gpg.html"
},
{
"name": "20060401-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name": "20060215 False positive signature verification in GnuPG",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/425289/100/0/threaded"
},
{
"name": "18934",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18934"
},
{
"name": "FEDORA-2006-116",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA-2006-116.shtml"
},
{
"name": "gnupg-gpgv-improper-verification(24744)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24744"
},
{
"name": "oval:org.mitre.oval:def:10084",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10084"
},
{
"name": "SSA:2006-072-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.476477"
},
{
"name": "FLSA-2006:185355",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/433931/100/0/threaded"
},
{
"name": "18955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18955"
},
{
"name": "[gnupg-announce] 20060215 False positive signature verification in GnuPG",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html"
},
{
"name": "SUSE-SA:2006:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_09_gpg.html"
},
{
"name": "19130",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19130"
},
{
"name": "GLSA-200602-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200602-10.xml"
},
{
"name": "19532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19532"
},
{
"name": "18933",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18933"
},
{
"name": "DSA-978",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.us.debian.org/security/2006/dsa-978"
},
{
"name": "23221",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23221"
},
{
"name": "USN-252-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-252-1"
},
{
"name": "18968",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18968"
},
{
"name": "18845",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18845"
},
{
"name": "18942",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18942"
},
{
"name": "MDKSA-2006:043",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:043"
},
{
"name": "ADV-2006-0610",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0610"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command \"gpg --verify\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "16663",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16663"
},
{
"name": "18956",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18956"
},
{
"name": "2006-0008",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2006/0008"
},
{
"name": "[gnupg-devel] 20060215 [Announce] False positive signature verification in GnuPG",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=gnupg-devel\u0026m=113999098729114\u0026w=2"
},
{
"name": "OpenPKG-SA-2006.001",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG"
],
"url": "http://www.openpkg.org/security/OpenPKG-SA-2006.001-gnupg.html"
},
{
"name": "19249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19249"
},
{
"name": "SUSE-SR:2006:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html"
},
{
"name": "RHSA-2006:0266",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0266.html"
},
{
"name": "SUSE-SA:2006:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_13_gpg.html"
},
{
"name": "20060401-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name": "20060215 False positive signature verification in GnuPG",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/425289/100/0/threaded"
},
{
"name": "18934",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18934"
},
{
"name": "FEDORA-2006-116",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA-2006-116.shtml"
},
{
"name": "gnupg-gpgv-improper-verification(24744)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24744"
},
{
"name": "oval:org.mitre.oval:def:10084",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10084"
},
{
"name": "SSA:2006-072-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.476477"
},
{
"name": "FLSA-2006:185355",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.securityfocus.com/archive/1/433931/100/0/threaded"
},
{
"name": "18955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18955"
},
{
"name": "[gnupg-announce] 20060215 False positive signature verification in GnuPG",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html"
},
{
"name": "SUSE-SA:2006:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_09_gpg.html"
},
{
"name": "19130",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19130"
},
{
"name": "GLSA-200602-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200602-10.xml"
},
{
"name": "19532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19532"
},
{
"name": "18933",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18933"
},
{
"name": "DSA-978",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.us.debian.org/security/2006/dsa-978"
},
{
"name": "23221",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23221"
},
{
"name": "USN-252-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-252-1"
},
{
"name": "18968",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18968"
},
{
"name": "18845",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18845"
},
{
"name": "18942",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18942"
},
{
"name": "MDKSA-2006:043",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:043"
},
{
"name": "ADV-2006-0610",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0610"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-0455",
"datePublished": "2006-02-15T22:00:00.000Z",
"dateReserved": "2006-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:34:14.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0978 (GCVE-0-2003-0978)
Vulnerability from nvd – Published: 2003-12-10 05:00 – Updated: 2024-08-08 02:12
VLAI
Summary
Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.s-quadra.com/advisories/Adv-20031203.txt | x_refsource_MISC |
| http://www.novell.com/linux/security/advisories/2… | vendor-advisoryx_refsource_SUSE |
| http://marc.info/?l=bugtraq&m=107047470625214&w=2 | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2003-12-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:12:35.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.s-quadra.com/advisories/Adv-20031203.txt"
},
{
"name": "SuSE-SA:2003:048",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2003_048_gpg.html"
},
{
"name": "20031203 GnuPG 1.2.3, 1.3.3 external HKP interface format string issue",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107047470625214\u0026w=2"
},
{
"name": "gnupg-gpgkeyshkp-format-string(13892)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13892"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-12-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.s-quadra.com/advisories/Adv-20031203.txt"
},
{
"name": "SuSE-SA:2003:048",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2003_048_gpg.html"
},
{
"name": "20031203 GnuPG 1.2.3, 1.3.3 external HKP interface format string issue",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107047470625214\u0026w=2"
},
{
"name": "gnupg-gpgkeyshkp-format-string(13892)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13892"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.s-quadra.com/advisories/Adv-20031203.txt",
"refsource": "MISC",
"url": "http://www.s-quadra.com/advisories/Adv-20031203.txt"
},
{
"name": "SuSE-SA:2003:048",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2003_048_gpg.html"
},
{
"name": "20031203 GnuPG 1.2.3, 1.3.3 external HKP interface format string issue",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107047470625214\u0026w=2"
},
{
"name": "gnupg-gpgkeyshkp-format-string(13892)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13892"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0978",
"datePublished": "2003-12-10T05:00:00.000Z",
"dateReserved": "2003-12-09T00:00:00.000Z",
"dateUpdated": "2024-08-08T02:12:35.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0971 (GCVE-0-2003-0971)
Vulnerability from nvd – Published: 2003-12-02 05:00 – Updated: 2024-08-08 02:12
VLAI
Summary
GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
17 references
Date Public
2003-11-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:12:35.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2003:395",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-395.html"
},
{
"name": "20040202-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc"
},
{
"name": "SuSE-SA:2003:048",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2003_048_gpg.html"
},
{
"name": "VU#940388",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/940388"
},
{
"name": "10349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10349"
},
{
"name": "20031127 GnuPG\u0027s ElGamal signing keys compromised",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106995769213221\u0026w=2"
},
{
"name": "DSA-429",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-429"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html"
},
{
"name": "9115",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9115"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000277.html"
},
{
"name": "RHSA-2003:390",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-390.html"
},
{
"name": "oval:org.mitre.oval:def:10982",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10982"
},
{
"name": "10399",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10399"
},
{
"name": "10304",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10304"
},
{
"name": "MDKSA-2003:109",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:109"
},
{
"name": "CLA-2003:798",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000798"
},
{
"name": "10400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10400"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-11-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2003:395",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-395.html"
},
{
"name": "20040202-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc"
},
{
"name": "SuSE-SA:2003:048",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2003_048_gpg.html"
},
{
"name": "VU#940388",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/940388"
},
{
"name": "10349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10349"
},
{
"name": "20031127 GnuPG\u0027s ElGamal signing keys compromised",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106995769213221\u0026w=2"
},
{
"name": "DSA-429",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-429"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html"
},
{
"name": "9115",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9115"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000277.html"
},
{
"name": "RHSA-2003:390",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-390.html"
},
{
"name": "oval:org.mitre.oval:def:10982",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10982"
},
{
"name": "10399",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10399"
},
{
"name": "10304",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10304"
},
{
"name": "MDKSA-2003:109",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:109"
},
{
"name": "CLA-2003:798",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000798"
},
{
"name": "10400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10400"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0971",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2003:395",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-395.html"
},
{
"name": "20040202-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc"
},
{
"name": "SuSE-SA:2003:048",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2003_048_gpg.html"
},
{
"name": "VU#940388",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/940388"
},
{
"name": "10349",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10349"
},
{
"name": "20031127 GnuPG\u0027s ElGamal signing keys compromised",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106995769213221\u0026w=2"
},
{
"name": "DSA-429",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-429"
},
{
"name": "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html",
"refsource": "CONFIRM",
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html"
},
{
"name": "9115",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9115"
},
{
"name": "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000277.html",
"refsource": "CONFIRM",
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000277.html"
},
{
"name": "RHSA-2003:390",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-390.html"
},
{
"name": "oval:org.mitre.oval:def:10982",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10982"
},
{
"name": "10399",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10399"
},
{
"name": "10304",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10304"
},
{
"name": "MDKSA-2003:109",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:109"
},
{
"name": "CLA-2003:798",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000798"
},
{
"name": "10400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10400"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0971",
"datePublished": "2003-12-02T05:00:00.000Z",
"dateReserved": "2003-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-08T02:12:35.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0255 (GCVE-0-2003-0255)
Vulnerability from nvd – Published: 2003-05-07 04:00 – Updated: 2024-08-08 01:50
VLAI
Summary
The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
16 references
Date Public
2003-05-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:50:46.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TLSA200334",
"tags": [
"vendor-advisory",
"x_refsource_TURBO",
"x_transferred"
],
"url": "http://www.turbolinux.com/security/TLSA-2003-34.txt"
},
{
"name": "RHSA-2003:175",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-175.html"
},
{
"name": "4947",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/4947"
},
{
"name": "oval:org.mitre.oval:def:135",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A135"
},
{
"name": "20030522 [slackware-security] GnuPG key validation fix (SSA:2003-141-04)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105362224514081\u0026w=2"
},
{
"name": "7497",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7497"
},
{
"name": "20030516 [OpenPKG-SA-2003.029] OpenPKG Security Advisory (gnupg)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105311804129104\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html"
},
{
"name": "MDKSA-2003:061",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:061"
},
{
"name": "gnupg-invalid-key-acceptance(11930)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11930"
},
{
"name": "CLA-2003:694",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000694"
},
{
"name": "RHSA-2003:176",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-176.html"
},
{
"name": "20030515-016",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE",
"x_transferred"
],
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3258.html"
},
{
"name": "ESA-20030515-016",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105301357425157\u0026w=2"
},
{
"name": "VU#397604",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/397604"
},
{
"name": "20030504 Key validity bug in GnuPG 1.2.1 and earlier",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105215110111174\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-05-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "TLSA200334",
"tags": [
"vendor-advisory",
"x_refsource_TURBO"
],
"url": "http://www.turbolinux.com/security/TLSA-2003-34.txt"
},
{
"name": "RHSA-2003:175",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-175.html"
},
{
"name": "4947",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/4947"
},
{
"name": "oval:org.mitre.oval:def:135",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A135"
},
{
"name": "20030522 [slackware-security] GnuPG key validation fix (SSA:2003-141-04)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105362224514081\u0026w=2"
},
{
"name": "7497",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7497"
},
{
"name": "20030516 [OpenPKG-SA-2003.029] OpenPKG Security Advisory (gnupg)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105311804129104\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html"
},
{
"name": "MDKSA-2003:061",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:061"
},
{
"name": "gnupg-invalid-key-acceptance(11930)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11930"
},
{
"name": "CLA-2003:694",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000694"
},
{
"name": "RHSA-2003:176",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-176.html"
},
{
"name": "20030515-016",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE"
],
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3258.html"
},
{
"name": "ESA-20030515-016",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105301357425157\u0026w=2"
},
{
"name": "VU#397604",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/397604"
},
{
"name": "20030504 Key validity bug in GnuPG 1.2.1 and earlier",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105215110111174\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TLSA200334",
"refsource": "TURBO",
"url": "http://www.turbolinux.com/security/TLSA-2003-34.txt"
},
{
"name": "RHSA-2003:175",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-175.html"
},
{
"name": "4947",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4947"
},
{
"name": "oval:org.mitre.oval:def:135",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A135"
},
{
"name": "20030522 [slackware-security] GnuPG key validation fix (SSA:2003-141-04)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105362224514081\u0026w=2"
},
{
"name": "7497",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7497"
},
{
"name": "20030516 [OpenPKG-SA-2003.029] OpenPKG Security Advisory (gnupg)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105311804129104\u0026w=2"
},
{
"name": "http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html",
"refsource": "MISC",
"url": "http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html"
},
{
"name": "MDKSA-2003:061",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:061"
},
{
"name": "gnupg-invalid-key-acceptance(11930)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11930"
},
{
"name": "CLA-2003:694",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000694"
},
{
"name": "RHSA-2003:176",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-176.html"
},
{
"name": "20030515-016",
"refsource": "ENGARDE",
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3258.html"
},
{
"name": "ESA-20030515-016",
"refsource": "ENGARDE",
"url": "http://marc.info/?l=bugtraq\u0026m=105301357425157\u0026w=2"
},
{
"name": "VU#397604",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/397604"
},
{
"name": "20030504 Key validity bug in GnuPG 1.2.1 and earlier",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105215110111174\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0255",
"datePublished": "2003-05-07T04:00:00.000Z",
"dateReserved": "2003-05-06T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:50:46.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0522 (GCVE-0-2001-0522)
Vulnerability from nvd – Published: 2002-03-09 05:00 – Updated: 2024-08-08 04:21
VLAI
Summary
Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
Date Public
2001-05-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:21:38.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010601 The GnuPG format string bug (was: TSLSA-2001-0009 - GnuPG)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/188218"
},
{
"name": "gnupg-tty-format-string(6642)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6642"
},
{
"name": "VU#403051",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/403051"
},
{
"name": "2797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2797"
},
{
"name": "CSSA-2001-020.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-020.0.txt"
},
{
"name": "RHSA-2001:073",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-073.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.gnupg.org/whatsnew.html#rn20010529"
},
{
"name": "DSA-061",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2001/dsa-061"
},
{
"name": "TLSA2001028",
"tags": [
"vendor-advisory",
"x_refsource_TURBO",
"x_transferred"
],
"url": "http://www.turbolinux.com/pipermail/tl-security-announce/2001-June/000439.html"
},
{
"name": "CLA-2001:399",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000399"
},
{
"name": "1845",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/1845"
},
{
"name": "SuSE-SA:2001:020",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2001_020_gpg_txt.html"
},
{
"name": "IMNX-2001-70-023-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX",
"x_transferred"
],
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-023-01"
},
{
"name": "MDKSA-2001:053",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-053.php3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-05-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-23T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010601 The GnuPG format string bug (was: TSLSA-2001-0009 - GnuPG)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/188218"
},
{
"name": "gnupg-tty-format-string(6642)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6642"
},
{
"name": "VU#403051",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/403051"
},
{
"name": "2797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2797"
},
{
"name": "CSSA-2001-020.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-020.0.txt"
},
{
"name": "RHSA-2001:073",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-073.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.gnupg.org/whatsnew.html#rn20010529"
},
{
"name": "DSA-061",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2001/dsa-061"
},
{
"name": "TLSA2001028",
"tags": [
"vendor-advisory",
"x_refsource_TURBO"
],
"url": "http://www.turbolinux.com/pipermail/tl-security-announce/2001-June/000439.html"
},
{
"name": "CLA-2001:399",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000399"
},
{
"name": "1845",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/1845"
},
{
"name": "SuSE-SA:2001:020",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2001_020_gpg_txt.html"
},
{
"name": "IMNX-2001-70-023-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX"
],
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-023-01"
},
{
"name": "MDKSA-2001:053",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-053.php3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010601 The GnuPG format string bug (was: TSLSA-2001-0009 - GnuPG)",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/188218"
},
{
"name": "gnupg-tty-format-string(6642)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6642"
},
{
"name": "VU#403051",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/403051"
},
{
"name": "2797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2797"
},
{
"name": "CSSA-2001-020.0",
"refsource": "CALDERA",
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-020.0.txt"
},
{
"name": "RHSA-2001:073",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2001-073.html"
},
{
"name": "http://www.gnupg.org/whatsnew.html#rn20010529",
"refsource": "CONFIRM",
"url": "http://www.gnupg.org/whatsnew.html#rn20010529"
},
{
"name": "DSA-061",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2001/dsa-061"
},
{
"name": "TLSA2001028",
"refsource": "TURBO",
"url": "http://www.turbolinux.com/pipermail/tl-security-announce/2001-June/000439.html"
},
{
"name": "CLA-2001:399",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000399"
},
{
"name": "1845",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1845"
},
{
"name": "SuSE-SA:2001:020",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2001_020_gpg_txt.html"
},
{
"name": "IMNX-2001-70-023-01",
"refsource": "IMMUNIX",
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-023-01"
},
{
"name": "MDKSA-2001:053",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-053.php3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0522",
"datePublished": "2002-03-09T05:00:00.000Z",
"dateReserved": "2001-06-18T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:21:38.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0072 (GCVE-0-2001-0072)
Vulnerability from nvd – Published: 2001-05-07 04:00 – Updated: 2024-08-08 04:06
VLAI
Summary
gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://distro.conectiva.com.br/atualizacoes/?id=a… | vendor-advisoryx_refsource_CONECTIVA |
| http://www.debian.org/security/2000/20001225b | vendor-advisoryx_refsource_DEBIAN |
| http://www.linux-mandrake.com/en/updates/2000/MDK… | vendor-advisoryx_refsource_MANDRAKE |
| http://www.securityfocus.com/bid/2153 | vdb-entryx_refsource_BID |
| http://www.redhat.com/support/errata/RHSA-2000-131.html | vendor-advisoryx_refsource_REDHAT |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/152197 | mailing-listx_refsource_BUGTRAQ |
| http://www.osvdb.org/1702 | vdb-entryx_refsource_OSVDB |
Date Public
2000-12-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:06:54.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2000:368",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000368"
},
{
"name": "DSA-010-1",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2000/20001225b"
},
{
"name": "MDKSA-2000-087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3"
},
{
"name": "2153",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2153"
},
{
"name": "RHSA-2000:131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-131.html"
},
{
"name": "gnupg-reveal-private(5803)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5803"
},
{
"name": "20001220 Trustix Security Advisory - gnupg, ftpd-BSD",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/152197"
},
{
"name": "1702",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/1702"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-12-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2000:368",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000368"
},
{
"name": "DSA-010-1",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2000/20001225b"
},
{
"name": "MDKSA-2000-087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3"
},
{
"name": "2153",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2153"
},
{
"name": "RHSA-2000:131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-131.html"
},
{
"name": "gnupg-reveal-private(5803)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5803"
},
{
"name": "20001220 Trustix Security Advisory - gnupg, ftpd-BSD",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/152197"
},
{
"name": "1702",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/1702"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2000:368",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000368"
},
{
"name": "DSA-010-1",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2000/20001225b"
},
{
"name": "MDKSA-2000-087",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3"
},
{
"name": "2153",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2153"
},
{
"name": "RHSA-2000:131",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-131.html"
},
{
"name": "gnupg-reveal-private(5803)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5803"
},
{
"name": "20001220 Trustix Security Advisory - gnupg, ftpd-BSD",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/152197"
},
{
"name": "1702",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1702"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0072",
"datePublished": "2001-05-07T04:00:00.000Z",
"dateReserved": "2001-02-01T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:06:54.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0071 (GCVE-0-2001-0071)
Vulnerability from nvd – Published: 2001-05-07 04:00 – Updated: 2024-08-08 04:06
VLAI
Summary
gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://distro.conectiva.com.br/atualizacoes/?id=a… | vendor-advisoryx_refsource_CONECTIVA |
| http://www.debian.org/security/2000/20001225b | vendor-advisoryx_refsource_DEBIAN |
| http://www.linux-mandrake.com/en/updates/2000/MDK… | vendor-advisoryx_refsource_MANDRAKE |
| http://www.securityfocus.com/bid/2141 | vdb-entryx_refsource_BID |
| http://www.redhat.com/support/errata/RHSA-2000-131.html | vendor-advisoryx_refsource_REDHAT |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/152197 | mailing-listx_refsource_BUGTRAQ |
| http://www.osvdb.org/1699 | vdb-entryx_refsource_OSVDB |
Date Public
2000-12-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:06:55.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2000:368",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000368"
},
{
"name": "DSA-010-1",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2000/20001225b"
},
{
"name": "MDKSA-2000-087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3"
},
{
"name": "2141",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2141"
},
{
"name": "RHSA-2000:131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-131.html"
},
{
"name": "gnupg-detached-sig-modify(5802)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5802"
},
{
"name": "20001220 Trustix Security Advisory - gnupg, ftpd-BSD",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/152197"
},
{
"name": "1699",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/1699"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-12-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2000:368",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000368"
},
{
"name": "DSA-010-1",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2000/20001225b"
},
{
"name": "MDKSA-2000-087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3"
},
{
"name": "2141",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2141"
},
{
"name": "RHSA-2000:131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-131.html"
},
{
"name": "gnupg-detached-sig-modify(5802)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5802"
},
{
"name": "20001220 Trustix Security Advisory - gnupg, ftpd-BSD",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/152197"
},
{
"name": "1699",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/1699"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2000:368",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000368"
},
{
"name": "DSA-010-1",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2000/20001225b"
},
{
"name": "MDKSA-2000-087",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3"
},
{
"name": "2141",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2141"
},
{
"name": "RHSA-2000:131",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-131.html"
},
{
"name": "gnupg-detached-sig-modify(5802)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5802"
},
{
"name": "20001220 Trustix Security Advisory - gnupg, ftpd-BSD",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/152197"
},
{
"name": "1699",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1699"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0071",
"datePublished": "2001-05-07T04:00:00.000Z",
"dateReserved": "2001-02-01T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:06:55.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0974 (GCVE-0-2000-0974)
Vulnerability from nvd – Published: 2001-01-22 05:00 – Updated: 2024-08-08 05:37
VLAI
Summary
GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://www.debian.org/security/2000/20001111 | vendor-advisoryx_refsource_DEBIAN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.redhat.com/support/errata/RHSA-2000-089.html | vendor-advisoryx_refsource_REDHAT |
| ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories… | vendor-advisoryx_refsource_FREEBSD |
| http://distro.conectiva.com.br/atualizacoes/?id=a… | vendor-advisoryx_refsource_CONECTIVA |
| http://www.securityfocus.com/bid/1797 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/1608 | vdb-entryx_refsource_OSVDB |
| ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA… | vendor-advisoryx_refsource_CALDERA |
Date Public
2000-10-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:37:32.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20001011 GPG 1.0.3 doesn\u0027t detect modifications to files with multiple signatures",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0201.html"
},
{
"name": "20001025 Immunix OS Security Update for gnupg package",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0361.html"
},
{
"name": "20001111 gnupg: incorrect signature verification",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2000/20001111"
},
{
"name": "gnupg-message-modify(5386)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5386"
},
{
"name": "RHSA-2000:089",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-089.html"
},
{
"name": "FreeBSD-SA-00:67",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:67.gnupg.asc"
},
{
"name": "CLSA-2000:334",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000334"
},
{
"name": "1797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1797"
},
{
"name": "1608",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/1608"
},
{
"name": "CSSA-2000-038.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-038.0.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-10-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20001011 GPG 1.0.3 doesn\u0027t detect modifications to files with multiple signatures",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0201.html"
},
{
"name": "20001025 Immunix OS Security Update for gnupg package",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0361.html"
},
{
"name": "20001111 gnupg: incorrect signature verification",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2000/20001111"
},
{
"name": "gnupg-message-modify(5386)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5386"
},
{
"name": "RHSA-2000:089",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-089.html"
},
{
"name": "FreeBSD-SA-00:67",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:67.gnupg.asc"
},
{
"name": "CLSA-2000:334",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000334"
},
{
"name": "1797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1797"
},
{
"name": "1608",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/1608"
},
{
"name": "CSSA-2000-038.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-038.0.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20001011 GPG 1.0.3 doesn\u0027t detect modifications to files with multiple signatures",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0201.html"
},
{
"name": "20001025 Immunix OS Security Update for gnupg package",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0361.html"
},
{
"name": "20001111 gnupg: incorrect signature verification",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2000/20001111"
},
{
"name": "gnupg-message-modify(5386)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5386"
},
{
"name": "RHSA-2000:089",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-089.html"
},
{
"name": "FreeBSD-SA-00:67",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:67.gnupg.asc"
},
{
"name": "CLSA-2000:334",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000334"
},
{
"name": "1797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1797"
},
{
"name": "1608",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1608"
},
{
"name": "CSSA-2000-038.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-038.0.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0974",
"datePublished": "2001-01-22T05:00:00.000Z",
"dateReserved": "2000-11-24T00:00:00.000Z",
"dateUpdated": "2024-08-08T05:37:32.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6235 (GCVE-0-2006-6235)
Vulnerability from cvelistv5 – Published: 2006-12-07 11:00 – Updated: 2024-08-07 20:19
VLAI
Summary
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
35 references
Date Public
2006-12-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:19:35.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1017349",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017349"
},
{
"name": "23269",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23269"
},
{
"name": "23303",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23303"
},
{
"name": "20061206 rPSA-2006-0227-1 gnupg",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/453723/100/0/threaded"
},
{
"name": "23255",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23255"
},
{
"name": "USN-393-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-393-1"
},
{
"name": "23513",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23513"
},
{
"name": "23284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23284"
},
{
"name": "USN-393-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-393-2"
},
{
"name": "23245",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23245"
},
{
"name": "[gnupg-announce] GnuPG: remotely controllable function pointer [CVE-2006-6235]",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html"
},
{
"name": "VU#427009",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/427009"
},
{
"name": "SUSE-SR:2006:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_28_sr.html"
},
{
"name": "RHSA-2006:0754",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0754.html"
},
{
"name": "DSA-1231",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1231"
},
{
"name": "20061206 GnuPG: remotely controllable function pointer [CVE-2006-6235]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/453664/100/0/threaded"
},
{
"name": "23335",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23335"
},
{
"name": "23299",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23299"
},
{
"name": "21462",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21462"
},
{
"name": "2006-0070",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2006/0070"
},
{
"name": "23329",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23329"
},
{
"name": "GLSA-200612-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200612-03.xml"
},
{
"name": "23259",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23259"
},
{
"name": "MDKSA-2006:228",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:228"
},
{
"name": "23290",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23290"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-835"
},
{
"name": "SUSE-SA:2006:075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm"
},
{
"name": "ADV-2006-4881",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4881"
},
{
"name": "oval:org.mitre.oval:def:11245",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11245"
},
{
"name": "23250",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23250"
},
{
"name": "20061201-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc"
},
{
"name": "gnupg-openpgp-code-execution(30711)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30711"
},
{
"name": "OpenPKG-SA-2006.037",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG",
"x_transferred"
],
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html"
},
{
"name": "24047",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24047"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A \"stack overwrite\" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1017349",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017349"
},
{
"name": "23269",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23269"
},
{
"name": "23303",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23303"
},
{
"name": "20061206 rPSA-2006-0227-1 gnupg",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/453723/100/0/threaded"
},
{
"name": "23255",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23255"
},
{
"name": "USN-393-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-393-1"
},
{
"name": "23513",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23513"
},
{
"name": "23284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23284"
},
{
"name": "USN-393-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-393-2"
},
{
"name": "23245",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23245"
},
{
"name": "[gnupg-announce] GnuPG: remotely controllable function pointer [CVE-2006-6235]",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html"
},
{
"name": "VU#427009",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/427009"
},
{
"name": "SUSE-SR:2006:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_28_sr.html"
},
{
"name": "RHSA-2006:0754",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0754.html"
},
{
"name": "DSA-1231",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1231"
},
{
"name": "20061206 GnuPG: remotely controllable function pointer [CVE-2006-6235]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/453664/100/0/threaded"
},
{
"name": "23335",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23335"
},
{
"name": "23299",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23299"
},
{
"name": "21462",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21462"
},
{
"name": "2006-0070",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2006/0070"
},
{
"name": "23329",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23329"
},
{
"name": "GLSA-200612-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200612-03.xml"
},
{
"name": "23259",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23259"
},
{
"name": "MDKSA-2006:228",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:228"
},
{
"name": "23290",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23290"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-835"
},
{
"name": "SUSE-SA:2006:075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm"
},
{
"name": "ADV-2006-4881",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4881"
},
{
"name": "oval:org.mitre.oval:def:11245",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11245"
},
{
"name": "23250",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23250"
},
{
"name": "20061201-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc"
},
{
"name": "gnupg-openpgp-code-execution(30711)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30711"
},
{
"name": "OpenPKG-SA-2006.037",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG"
],
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html"
},
{
"name": "24047",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24047"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A \"stack overwrite\" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017349",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017349"
},
{
"name": "23269",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23269"
},
{
"name": "23303",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23303"
},
{
"name": "20061206 rPSA-2006-0227-1 gnupg",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453723/100/0/threaded"
},
{
"name": "23255",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23255"
},
{
"name": "USN-393-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-393-1"
},
{
"name": "23513",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23513"
},
{
"name": "23284",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23284"
},
{
"name": "USN-393-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-393-2"
},
{
"name": "23245",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23245"
},
{
"name": "[gnupg-announce] GnuPG: remotely controllable function pointer [CVE-2006-6235]",
"refsource": "MLIST",
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html"
},
{
"name": "VU#427009",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/427009"
},
{
"name": "SUSE-SR:2006:028",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_28_sr.html"
},
{
"name": "RHSA-2006:0754",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0754.html"
},
{
"name": "DSA-1231",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1231"
},
{
"name": "20061206 GnuPG: remotely controllable function pointer [CVE-2006-6235]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453664/100/0/threaded"
},
{
"name": "23335",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23335"
},
{
"name": "23299",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23299"
},
{
"name": "21462",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21462"
},
{
"name": "2006-0070",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0070"
},
{
"name": "23329",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23329"
},
{
"name": "GLSA-200612-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200612-03.xml"
},
{
"name": "23259",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23259"
},
{
"name": "MDKSA-2006:228",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:228"
},
{
"name": "23290",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23290"
},
{
"name": "https://issues.rpath.com/browse/RPL-835",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-835"
},
{
"name": "SUSE-SA:2006:075",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm"
},
{
"name": "ADV-2006-4881",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4881"
},
{
"name": "oval:org.mitre.oval:def:11245",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11245"
},
{
"name": "23250",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23250"
},
{
"name": "20061201-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc"
},
{
"name": "gnupg-openpgp-code-execution(30711)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30711"
},
{
"name": "OpenPKG-SA-2006.037",
"refsource": "OPENPKG",
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html"
},
{
"name": "24047",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24047"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6235",
"datePublished": "2006-12-07T11:00:00.000Z",
"dateReserved": "2006-12-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:19:35.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0049 (GCVE-0-2006-0049)
Vulnerability from cvelistv5 – Published: 2006-03-13 21:00 – Updated: 2024-08-07 16:18
VLAI
Summary
gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
31 references
Date Public
2006-03-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:18:20.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-264-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/264-1/"
},
{
"name": "19249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19249"
},
{
"name": "ADV-2006-0915",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0915"
},
{
"name": "RHSA-2006:0266",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0266.html"
},
{
"name": "20060401-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name": "[gnupg-announce] 20060309 [Announce] GnuPG does not detect injection of unsigned data",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html"
},
{
"name": "450",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/450"
},
{
"name": "19232",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19232"
},
{
"name": "23790",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23790"
},
{
"name": "SSA:2006-072-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.476477"
},
{
"name": "19173",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19173"
},
{
"name": "FLSA-2006:185355",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/433931/100/0/threaded"
},
{
"name": "17058",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17058"
},
{
"name": "568",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/568"
},
{
"name": "oval:org.mitre.oval:def:10063",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10063"
},
{
"name": "19287",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19287"
},
{
"name": "2006-0014",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2006/0014"
},
{
"name": "1015749",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015749"
},
{
"name": "19532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19532"
},
{
"name": "SUSE-SA:2006:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html"
},
{
"name": "GLSA-200603-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml"
},
{
"name": "gnupg-nondetached-sig-verification(25184)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25184"
},
{
"name": "19234",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19234"
},
{
"name": "FEDORA-2006-147",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html"
},
{
"name": "19197",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19197"
},
{
"name": "19244",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19244"
},
{
"name": "19203",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19203"
},
{
"name": "MDKSA-2006:055",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:055"
},
{
"name": "20060309 GnuPG does not detect injection of unsigned data",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/427324/100/0/threaded"
},
{
"name": "19231",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19231"
},
{
"name": "DSA-993",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-993"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "USN-264-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/264-1/"
},
{
"name": "19249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19249"
},
{
"name": "ADV-2006-0915",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0915"
},
{
"name": "RHSA-2006:0266",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0266.html"
},
{
"name": "20060401-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name": "[gnupg-announce] 20060309 [Announce] GnuPG does not detect injection of unsigned data",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html"
},
{
"name": "450",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/450"
},
{
"name": "19232",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19232"
},
{
"name": "23790",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23790"
},
{
"name": "SSA:2006-072-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.476477"
},
{
"name": "19173",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19173"
},
{
"name": "FLSA-2006:185355",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.securityfocus.com/archive/1/433931/100/0/threaded"
},
{
"name": "17058",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17058"
},
{
"name": "568",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/568"
},
{
"name": "oval:org.mitre.oval:def:10063",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10063"
},
{
"name": "19287",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19287"
},
{
"name": "2006-0014",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2006/0014"
},
{
"name": "1015749",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015749"
},
{
"name": "19532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19532"
},
{
"name": "SUSE-SA:2006:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html"
},
{
"name": "GLSA-200603-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml"
},
{
"name": "gnupg-nondetached-sig-verification(25184)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25184"
},
{
"name": "19234",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19234"
},
{
"name": "FEDORA-2006-147",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html"
},
{
"name": "19197",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19197"
},
{
"name": "19244",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19244"
},
{
"name": "19203",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19203"
},
{
"name": "MDKSA-2006:055",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:055"
},
{
"name": "20060309 GnuPG does not detect injection of unsigned data",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/427324/100/0/threaded"
},
{
"name": "19231",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19231"
},
{
"name": "DSA-993",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-993"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2006-0049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-264-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/264-1/"
},
{
"name": "19249",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19249"
},
{
"name": "ADV-2006-0915",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0915"
},
{
"name": "RHSA-2006:0266",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0266.html"
},
{
"name": "20060401-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name": "[gnupg-announce] 20060309 [Announce] GnuPG does not detect injection of unsigned data",
"refsource": "MLIST",
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html"
},
{
"name": "450",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/450"
},
{
"name": "19232",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19232"
},
{
"name": "23790",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23790"
},
{
"name": "SSA:2006-072-02",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.476477"
},
{
"name": "19173",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19173"
},
{
"name": "FLSA-2006:185355",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/433931/100/0/threaded"
},
{
"name": "17058",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17058"
},
{
"name": "568",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/568"
},
{
"name": "oval:org.mitre.oval:def:10063",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10063"
},
{
"name": "19287",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19287"
},
{
"name": "2006-0014",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0014"
},
{
"name": "1015749",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015749"
},
{
"name": "19532",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19532"
},
{
"name": "SUSE-SA:2006:014",
"refsource": "SUSE",
"url": "http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html"
},
{
"name": "GLSA-200603-08",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml"
},
{
"name": "gnupg-nondetached-sig-verification(25184)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25184"
},
{
"name": "19234",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19234"
},
{
"name": "FEDORA-2006-147",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html"
},
{
"name": "19197",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19197"
},
{
"name": "19244",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19244"
},
{
"name": "19203",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19203"
},
{
"name": "MDKSA-2006:055",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:055"
},
{
"name": "20060309 GnuPG does not detect injection of unsigned data",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427324/100/0/threaded"
},
{
"name": "19231",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19231"
},
{
"name": "DSA-993",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-993"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2006-0049",
"datePublished": "2006-03-13T21:00:00.000Z",
"dateReserved": "2005-12-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:18:20.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0455 (GCVE-0-2006-0455)
Vulnerability from cvelistv5 – Published: 2006-02-15 22:00 – Updated: 2024-08-07 16:34
VLAI
Summary
gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
32 references
Date Public
2006-02-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:34:14.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16663",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16663"
},
{
"name": "18956",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18956"
},
{
"name": "2006-0008",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2006/0008"
},
{
"name": "[gnupg-devel] 20060215 [Announce] False positive signature verification in GnuPG",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=gnupg-devel\u0026m=113999098729114\u0026w=2"
},
{
"name": "OpenPKG-SA-2006.001",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG",
"x_transferred"
],
"url": "http://www.openpkg.org/security/OpenPKG-SA-2006.001-gnupg.html"
},
{
"name": "19249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19249"
},
{
"name": "SUSE-SR:2006:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html"
},
{
"name": "RHSA-2006:0266",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0266.html"
},
{
"name": "SUSE-SA:2006:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_13_gpg.html"
},
{
"name": "20060401-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name": "20060215 False positive signature verification in GnuPG",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/425289/100/0/threaded"
},
{
"name": "18934",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18934"
},
{
"name": "FEDORA-2006-116",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA-2006-116.shtml"
},
{
"name": "gnupg-gpgv-improper-verification(24744)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24744"
},
{
"name": "oval:org.mitre.oval:def:10084",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10084"
},
{
"name": "SSA:2006-072-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.476477"
},
{
"name": "FLSA-2006:185355",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/433931/100/0/threaded"
},
{
"name": "18955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18955"
},
{
"name": "[gnupg-announce] 20060215 False positive signature verification in GnuPG",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html"
},
{
"name": "SUSE-SA:2006:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_09_gpg.html"
},
{
"name": "19130",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19130"
},
{
"name": "GLSA-200602-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200602-10.xml"
},
{
"name": "19532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19532"
},
{
"name": "18933",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18933"
},
{
"name": "DSA-978",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.us.debian.org/security/2006/dsa-978"
},
{
"name": "23221",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23221"
},
{
"name": "USN-252-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-252-1"
},
{
"name": "18968",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18968"
},
{
"name": "18845",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18845"
},
{
"name": "18942",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18942"
},
{
"name": "MDKSA-2006:043",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:043"
},
{
"name": "ADV-2006-0610",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0610"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command \"gpg --verify\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "16663",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16663"
},
{
"name": "18956",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18956"
},
{
"name": "2006-0008",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2006/0008"
},
{
"name": "[gnupg-devel] 20060215 [Announce] False positive signature verification in GnuPG",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=gnupg-devel\u0026m=113999098729114\u0026w=2"
},
{
"name": "OpenPKG-SA-2006.001",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG"
],
"url": "http://www.openpkg.org/security/OpenPKG-SA-2006.001-gnupg.html"
},
{
"name": "19249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19249"
},
{
"name": "SUSE-SR:2006:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html"
},
{
"name": "RHSA-2006:0266",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0266.html"
},
{
"name": "SUSE-SA:2006:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_13_gpg.html"
},
{
"name": "20060401-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name": "20060215 False positive signature verification in GnuPG",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/425289/100/0/threaded"
},
{
"name": "18934",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18934"
},
{
"name": "FEDORA-2006-116",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA-2006-116.shtml"
},
{
"name": "gnupg-gpgv-improper-verification(24744)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24744"
},
{
"name": "oval:org.mitre.oval:def:10084",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10084"
},
{
"name": "SSA:2006-072-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.476477"
},
{
"name": "FLSA-2006:185355",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.securityfocus.com/archive/1/433931/100/0/threaded"
},
{
"name": "18955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18955"
},
{
"name": "[gnupg-announce] 20060215 False positive signature verification in GnuPG",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html"
},
{
"name": "SUSE-SA:2006:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_09_gpg.html"
},
{
"name": "19130",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19130"
},
{
"name": "GLSA-200602-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200602-10.xml"
},
{
"name": "19532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19532"
},
{
"name": "18933",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18933"
},
{
"name": "DSA-978",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.us.debian.org/security/2006/dsa-978"
},
{
"name": "23221",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23221"
},
{
"name": "USN-252-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-252-1"
},
{
"name": "18968",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18968"
},
{
"name": "18845",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18845"
},
{
"name": "18942",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18942"
},
{
"name": "MDKSA-2006:043",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:043"
},
{
"name": "ADV-2006-0610",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0610"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-0455",
"datePublished": "2006-02-15T22:00:00.000Z",
"dateReserved": "2006-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:34:14.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0978 (GCVE-0-2003-0978)
Vulnerability from cvelistv5 – Published: 2003-12-10 05:00 – Updated: 2024-08-08 02:12
VLAI
Summary
Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.s-quadra.com/advisories/Adv-20031203.txt | x_refsource_MISC |
| http://www.novell.com/linux/security/advisories/2… | vendor-advisoryx_refsource_SUSE |
| http://marc.info/?l=bugtraq&m=107047470625214&w=2 | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2003-12-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:12:35.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.s-quadra.com/advisories/Adv-20031203.txt"
},
{
"name": "SuSE-SA:2003:048",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2003_048_gpg.html"
},
{
"name": "20031203 GnuPG 1.2.3, 1.3.3 external HKP interface format string issue",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107047470625214\u0026w=2"
},
{
"name": "gnupg-gpgkeyshkp-format-string(13892)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13892"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-12-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.s-quadra.com/advisories/Adv-20031203.txt"
},
{
"name": "SuSE-SA:2003:048",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2003_048_gpg.html"
},
{
"name": "20031203 GnuPG 1.2.3, 1.3.3 external HKP interface format string issue",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107047470625214\u0026w=2"
},
{
"name": "gnupg-gpgkeyshkp-format-string(13892)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13892"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.s-quadra.com/advisories/Adv-20031203.txt",
"refsource": "MISC",
"url": "http://www.s-quadra.com/advisories/Adv-20031203.txt"
},
{
"name": "SuSE-SA:2003:048",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2003_048_gpg.html"
},
{
"name": "20031203 GnuPG 1.2.3, 1.3.3 external HKP interface format string issue",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107047470625214\u0026w=2"
},
{
"name": "gnupg-gpgkeyshkp-format-string(13892)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13892"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0978",
"datePublished": "2003-12-10T05:00:00.000Z",
"dateReserved": "2003-12-09T00:00:00.000Z",
"dateUpdated": "2024-08-08T02:12:35.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0971 (GCVE-0-2003-0971)
Vulnerability from cvelistv5 – Published: 2003-12-02 05:00 – Updated: 2024-08-08 02:12
VLAI
Summary
GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
17 references
Date Public
2003-11-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:12:35.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2003:395",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-395.html"
},
{
"name": "20040202-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc"
},
{
"name": "SuSE-SA:2003:048",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2003_048_gpg.html"
},
{
"name": "VU#940388",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/940388"
},
{
"name": "10349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10349"
},
{
"name": "20031127 GnuPG\u0027s ElGamal signing keys compromised",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106995769213221\u0026w=2"
},
{
"name": "DSA-429",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-429"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html"
},
{
"name": "9115",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9115"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000277.html"
},
{
"name": "RHSA-2003:390",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-390.html"
},
{
"name": "oval:org.mitre.oval:def:10982",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10982"
},
{
"name": "10399",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10399"
},
{
"name": "10304",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10304"
},
{
"name": "MDKSA-2003:109",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:109"
},
{
"name": "CLA-2003:798",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000798"
},
{
"name": "10400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10400"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-11-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2003:395",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-395.html"
},
{
"name": "20040202-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc"
},
{
"name": "SuSE-SA:2003:048",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2003_048_gpg.html"
},
{
"name": "VU#940388",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/940388"
},
{
"name": "10349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10349"
},
{
"name": "20031127 GnuPG\u0027s ElGamal signing keys compromised",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106995769213221\u0026w=2"
},
{
"name": "DSA-429",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-429"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html"
},
{
"name": "9115",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9115"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000277.html"
},
{
"name": "RHSA-2003:390",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-390.html"
},
{
"name": "oval:org.mitre.oval:def:10982",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10982"
},
{
"name": "10399",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10399"
},
{
"name": "10304",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10304"
},
{
"name": "MDKSA-2003:109",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:109"
},
{
"name": "CLA-2003:798",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000798"
},
{
"name": "10400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10400"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0971",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2003:395",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-395.html"
},
{
"name": "20040202-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc"
},
{
"name": "SuSE-SA:2003:048",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2003_048_gpg.html"
},
{
"name": "VU#940388",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/940388"
},
{
"name": "10349",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10349"
},
{
"name": "20031127 GnuPG\u0027s ElGamal signing keys compromised",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106995769213221\u0026w=2"
},
{
"name": "DSA-429",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-429"
},
{
"name": "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html",
"refsource": "CONFIRM",
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html"
},
{
"name": "9115",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9115"
},
{
"name": "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000277.html",
"refsource": "CONFIRM",
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000277.html"
},
{
"name": "RHSA-2003:390",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-390.html"
},
{
"name": "oval:org.mitre.oval:def:10982",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10982"
},
{
"name": "10399",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10399"
},
{
"name": "10304",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10304"
},
{
"name": "MDKSA-2003:109",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:109"
},
{
"name": "CLA-2003:798",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000798"
},
{
"name": "10400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10400"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0971",
"datePublished": "2003-12-02T05:00:00.000Z",
"dateReserved": "2003-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-08T02:12:35.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0255 (GCVE-0-2003-0255)
Vulnerability from cvelistv5 – Published: 2003-05-07 04:00 – Updated: 2024-08-08 01:50
VLAI
Summary
The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
16 references
Date Public
2003-05-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:50:46.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TLSA200334",
"tags": [
"vendor-advisory",
"x_refsource_TURBO",
"x_transferred"
],
"url": "http://www.turbolinux.com/security/TLSA-2003-34.txt"
},
{
"name": "RHSA-2003:175",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-175.html"
},
{
"name": "4947",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/4947"
},
{
"name": "oval:org.mitre.oval:def:135",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A135"
},
{
"name": "20030522 [slackware-security] GnuPG key validation fix (SSA:2003-141-04)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105362224514081\u0026w=2"
},
{
"name": "7497",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7497"
},
{
"name": "20030516 [OpenPKG-SA-2003.029] OpenPKG Security Advisory (gnupg)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105311804129104\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html"
},
{
"name": "MDKSA-2003:061",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:061"
},
{
"name": "gnupg-invalid-key-acceptance(11930)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11930"
},
{
"name": "CLA-2003:694",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000694"
},
{
"name": "RHSA-2003:176",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-176.html"
},
{
"name": "20030515-016",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE",
"x_transferred"
],
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3258.html"
},
{
"name": "ESA-20030515-016",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105301357425157\u0026w=2"
},
{
"name": "VU#397604",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/397604"
},
{
"name": "20030504 Key validity bug in GnuPG 1.2.1 and earlier",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105215110111174\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-05-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "TLSA200334",
"tags": [
"vendor-advisory",
"x_refsource_TURBO"
],
"url": "http://www.turbolinux.com/security/TLSA-2003-34.txt"
},
{
"name": "RHSA-2003:175",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-175.html"
},
{
"name": "4947",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/4947"
},
{
"name": "oval:org.mitre.oval:def:135",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A135"
},
{
"name": "20030522 [slackware-security] GnuPG key validation fix (SSA:2003-141-04)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105362224514081\u0026w=2"
},
{
"name": "7497",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7497"
},
{
"name": "20030516 [OpenPKG-SA-2003.029] OpenPKG Security Advisory (gnupg)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105311804129104\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html"
},
{
"name": "MDKSA-2003:061",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:061"
},
{
"name": "gnupg-invalid-key-acceptance(11930)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11930"
},
{
"name": "CLA-2003:694",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000694"
},
{
"name": "RHSA-2003:176",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-176.html"
},
{
"name": "20030515-016",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE"
],
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3258.html"
},
{
"name": "ESA-20030515-016",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105301357425157\u0026w=2"
},
{
"name": "VU#397604",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/397604"
},
{
"name": "20030504 Key validity bug in GnuPG 1.2.1 and earlier",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105215110111174\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TLSA200334",
"refsource": "TURBO",
"url": "http://www.turbolinux.com/security/TLSA-2003-34.txt"
},
{
"name": "RHSA-2003:175",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-175.html"
},
{
"name": "4947",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4947"
},
{
"name": "oval:org.mitre.oval:def:135",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A135"
},
{
"name": "20030522 [slackware-security] GnuPG key validation fix (SSA:2003-141-04)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105362224514081\u0026w=2"
},
{
"name": "7497",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7497"
},
{
"name": "20030516 [OpenPKG-SA-2003.029] OpenPKG Security Advisory (gnupg)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105311804129104\u0026w=2"
},
{
"name": "http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html",
"refsource": "MISC",
"url": "http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html"
},
{
"name": "MDKSA-2003:061",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:061"
},
{
"name": "gnupg-invalid-key-acceptance(11930)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11930"
},
{
"name": "CLA-2003:694",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000694"
},
{
"name": "RHSA-2003:176",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-176.html"
},
{
"name": "20030515-016",
"refsource": "ENGARDE",
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3258.html"
},
{
"name": "ESA-20030515-016",
"refsource": "ENGARDE",
"url": "http://marc.info/?l=bugtraq\u0026m=105301357425157\u0026w=2"
},
{
"name": "VU#397604",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/397604"
},
{
"name": "20030504 Key validity bug in GnuPG 1.2.1 and earlier",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105215110111174\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0255",
"datePublished": "2003-05-07T04:00:00.000Z",
"dateReserved": "2003-05-06T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:50:46.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0522 (GCVE-0-2001-0522)
Vulnerability from cvelistv5 – Published: 2002-03-09 05:00 – Updated: 2024-08-08 04:21
VLAI
Summary
Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
Date Public
2001-05-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:21:38.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010601 The GnuPG format string bug (was: TSLSA-2001-0009 - GnuPG)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/188218"
},
{
"name": "gnupg-tty-format-string(6642)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6642"
},
{
"name": "VU#403051",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/403051"
},
{
"name": "2797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2797"
},
{
"name": "CSSA-2001-020.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-020.0.txt"
},
{
"name": "RHSA-2001:073",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-073.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.gnupg.org/whatsnew.html#rn20010529"
},
{
"name": "DSA-061",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2001/dsa-061"
},
{
"name": "TLSA2001028",
"tags": [
"vendor-advisory",
"x_refsource_TURBO",
"x_transferred"
],
"url": "http://www.turbolinux.com/pipermail/tl-security-announce/2001-June/000439.html"
},
{
"name": "CLA-2001:399",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000399"
},
{
"name": "1845",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/1845"
},
{
"name": "SuSE-SA:2001:020",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2001_020_gpg_txt.html"
},
{
"name": "IMNX-2001-70-023-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX",
"x_transferred"
],
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-023-01"
},
{
"name": "MDKSA-2001:053",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-053.php3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-05-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-23T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010601 The GnuPG format string bug (was: TSLSA-2001-0009 - GnuPG)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/188218"
},
{
"name": "gnupg-tty-format-string(6642)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6642"
},
{
"name": "VU#403051",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/403051"
},
{
"name": "2797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2797"
},
{
"name": "CSSA-2001-020.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-020.0.txt"
},
{
"name": "RHSA-2001:073",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-073.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.gnupg.org/whatsnew.html#rn20010529"
},
{
"name": "DSA-061",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2001/dsa-061"
},
{
"name": "TLSA2001028",
"tags": [
"vendor-advisory",
"x_refsource_TURBO"
],
"url": "http://www.turbolinux.com/pipermail/tl-security-announce/2001-June/000439.html"
},
{
"name": "CLA-2001:399",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000399"
},
{
"name": "1845",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/1845"
},
{
"name": "SuSE-SA:2001:020",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2001_020_gpg_txt.html"
},
{
"name": "IMNX-2001-70-023-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX"
],
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-023-01"
},
{
"name": "MDKSA-2001:053",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-053.php3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010601 The GnuPG format string bug (was: TSLSA-2001-0009 - GnuPG)",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/188218"
},
{
"name": "gnupg-tty-format-string(6642)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6642"
},
{
"name": "VU#403051",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/403051"
},
{
"name": "2797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2797"
},
{
"name": "CSSA-2001-020.0",
"refsource": "CALDERA",
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-020.0.txt"
},
{
"name": "RHSA-2001:073",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2001-073.html"
},
{
"name": "http://www.gnupg.org/whatsnew.html#rn20010529",
"refsource": "CONFIRM",
"url": "http://www.gnupg.org/whatsnew.html#rn20010529"
},
{
"name": "DSA-061",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2001/dsa-061"
},
{
"name": "TLSA2001028",
"refsource": "TURBO",
"url": "http://www.turbolinux.com/pipermail/tl-security-announce/2001-June/000439.html"
},
{
"name": "CLA-2001:399",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000399"
},
{
"name": "1845",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1845"
},
{
"name": "SuSE-SA:2001:020",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2001_020_gpg_txt.html"
},
{
"name": "IMNX-2001-70-023-01",
"refsource": "IMMUNIX",
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-023-01"
},
{
"name": "MDKSA-2001:053",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-053.php3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0522",
"datePublished": "2002-03-09T05:00:00.000Z",
"dateReserved": "2001-06-18T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:21:38.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0072 (GCVE-0-2001-0072)
Vulnerability from cvelistv5 – Published: 2001-05-07 04:00 – Updated: 2024-08-08 04:06
VLAI
Summary
gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://distro.conectiva.com.br/atualizacoes/?id=a… | vendor-advisoryx_refsource_CONECTIVA |
| http://www.debian.org/security/2000/20001225b | vendor-advisoryx_refsource_DEBIAN |
| http://www.linux-mandrake.com/en/updates/2000/MDK… | vendor-advisoryx_refsource_MANDRAKE |
| http://www.securityfocus.com/bid/2153 | vdb-entryx_refsource_BID |
| http://www.redhat.com/support/errata/RHSA-2000-131.html | vendor-advisoryx_refsource_REDHAT |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/152197 | mailing-listx_refsource_BUGTRAQ |
| http://www.osvdb.org/1702 | vdb-entryx_refsource_OSVDB |
Date Public
2000-12-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:06:54.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2000:368",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000368"
},
{
"name": "DSA-010-1",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2000/20001225b"
},
{
"name": "MDKSA-2000-087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3"
},
{
"name": "2153",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2153"
},
{
"name": "RHSA-2000:131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-131.html"
},
{
"name": "gnupg-reveal-private(5803)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5803"
},
{
"name": "20001220 Trustix Security Advisory - gnupg, ftpd-BSD",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/152197"
},
{
"name": "1702",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/1702"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-12-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2000:368",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000368"
},
{
"name": "DSA-010-1",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2000/20001225b"
},
{
"name": "MDKSA-2000-087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3"
},
{
"name": "2153",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2153"
},
{
"name": "RHSA-2000:131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-131.html"
},
{
"name": "gnupg-reveal-private(5803)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5803"
},
{
"name": "20001220 Trustix Security Advisory - gnupg, ftpd-BSD",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/152197"
},
{
"name": "1702",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/1702"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2000:368",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000368"
},
{
"name": "DSA-010-1",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2000/20001225b"
},
{
"name": "MDKSA-2000-087",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3"
},
{
"name": "2153",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2153"
},
{
"name": "RHSA-2000:131",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-131.html"
},
{
"name": "gnupg-reveal-private(5803)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5803"
},
{
"name": "20001220 Trustix Security Advisory - gnupg, ftpd-BSD",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/152197"
},
{
"name": "1702",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1702"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0072",
"datePublished": "2001-05-07T04:00:00.000Z",
"dateReserved": "2001-02-01T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:06:54.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0071 (GCVE-0-2001-0071)
Vulnerability from cvelistv5 – Published: 2001-05-07 04:00 – Updated: 2024-08-08 04:06
VLAI
Summary
gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://distro.conectiva.com.br/atualizacoes/?id=a… | vendor-advisoryx_refsource_CONECTIVA |
| http://www.debian.org/security/2000/20001225b | vendor-advisoryx_refsource_DEBIAN |
| http://www.linux-mandrake.com/en/updates/2000/MDK… | vendor-advisoryx_refsource_MANDRAKE |
| http://www.securityfocus.com/bid/2141 | vdb-entryx_refsource_BID |
| http://www.redhat.com/support/errata/RHSA-2000-131.html | vendor-advisoryx_refsource_REDHAT |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/152197 | mailing-listx_refsource_BUGTRAQ |
| http://www.osvdb.org/1699 | vdb-entryx_refsource_OSVDB |
Date Public
2000-12-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:06:55.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2000:368",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000368"
},
{
"name": "DSA-010-1",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2000/20001225b"
},
{
"name": "MDKSA-2000-087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3"
},
{
"name": "2141",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2141"
},
{
"name": "RHSA-2000:131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-131.html"
},
{
"name": "gnupg-detached-sig-modify(5802)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5802"
},
{
"name": "20001220 Trustix Security Advisory - gnupg, ftpd-BSD",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/152197"
},
{
"name": "1699",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/1699"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-12-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2000:368",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000368"
},
{
"name": "DSA-010-1",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2000/20001225b"
},
{
"name": "MDKSA-2000-087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3"
},
{
"name": "2141",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2141"
},
{
"name": "RHSA-2000:131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-131.html"
},
{
"name": "gnupg-detached-sig-modify(5802)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5802"
},
{
"name": "20001220 Trustix Security Advisory - gnupg, ftpd-BSD",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/152197"
},
{
"name": "1699",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/1699"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2000:368",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000368"
},
{
"name": "DSA-010-1",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2000/20001225b"
},
{
"name": "MDKSA-2000-087",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3"
},
{
"name": "2141",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2141"
},
{
"name": "RHSA-2000:131",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-131.html"
},
{
"name": "gnupg-detached-sig-modify(5802)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5802"
},
{
"name": "20001220 Trustix Security Advisory - gnupg, ftpd-BSD",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/152197"
},
{
"name": "1699",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1699"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0071",
"datePublished": "2001-05-07T04:00:00.000Z",
"dateReserved": "2001-02-01T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:06:55.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0974 (GCVE-0-2000-0974)
Vulnerability from cvelistv5 – Published: 2001-01-22 05:00 – Updated: 2024-08-08 05:37
VLAI
Summary
GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://www.debian.org/security/2000/20001111 | vendor-advisoryx_refsource_DEBIAN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.redhat.com/support/errata/RHSA-2000-089.html | vendor-advisoryx_refsource_REDHAT |
| ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories… | vendor-advisoryx_refsource_FREEBSD |
| http://distro.conectiva.com.br/atualizacoes/?id=a… | vendor-advisoryx_refsource_CONECTIVA |
| http://www.securityfocus.com/bid/1797 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/1608 | vdb-entryx_refsource_OSVDB |
| ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA… | vendor-advisoryx_refsource_CALDERA |
Date Public
2000-10-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:37:32.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20001011 GPG 1.0.3 doesn\u0027t detect modifications to files with multiple signatures",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0201.html"
},
{
"name": "20001025 Immunix OS Security Update for gnupg package",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0361.html"
},
{
"name": "20001111 gnupg: incorrect signature verification",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2000/20001111"
},
{
"name": "gnupg-message-modify(5386)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5386"
},
{
"name": "RHSA-2000:089",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-089.html"
},
{
"name": "FreeBSD-SA-00:67",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:67.gnupg.asc"
},
{
"name": "CLSA-2000:334",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000334"
},
{
"name": "1797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1797"
},
{
"name": "1608",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/1608"
},
{
"name": "CSSA-2000-038.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-038.0.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-10-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20001011 GPG 1.0.3 doesn\u0027t detect modifications to files with multiple signatures",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0201.html"
},
{
"name": "20001025 Immunix OS Security Update for gnupg package",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0361.html"
},
{
"name": "20001111 gnupg: incorrect signature verification",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2000/20001111"
},
{
"name": "gnupg-message-modify(5386)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5386"
},
{
"name": "RHSA-2000:089",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-089.html"
},
{
"name": "FreeBSD-SA-00:67",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:67.gnupg.asc"
},
{
"name": "CLSA-2000:334",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000334"
},
{
"name": "1797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1797"
},
{
"name": "1608",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/1608"
},
{
"name": "CSSA-2000-038.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-038.0.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20001011 GPG 1.0.3 doesn\u0027t detect modifications to files with multiple signatures",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0201.html"
},
{
"name": "20001025 Immunix OS Security Update for gnupg package",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0361.html"
},
{
"name": "20001111 gnupg: incorrect signature verification",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2000/20001111"
},
{
"name": "gnupg-message-modify(5386)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5386"
},
{
"name": "RHSA-2000:089",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-089.html"
},
{
"name": "FreeBSD-SA-00:67",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:67.gnupg.asc"
},
{
"name": "CLSA-2000:334",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000334"
},
{
"name": "1797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1797"
},
{
"name": "1608",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1608"
},
{
"name": "CSSA-2000-038.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-038.0.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0974",
"datePublished": "2001-01-22T05:00:00.000Z",
"dateReserved": "2000-11-24T00:00:00.000Z",
"dateUpdated": "2024-08-08T05:37:32.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}