5

CVE-2006-0049

gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuPrivacy Guard Version1.0
GnuPrivacy Guard Version1.0.1
GnuPrivacy Guard Version1.0.2
GnuPrivacy Guard Version1.0.3
GnuPrivacy Guard Version1.0.3b
GnuPrivacy Guard Version1.0.4
GnuPrivacy Guard Version1.0.5
GnuPrivacy Guard Version1.0.6
GnuPrivacy Guard Version1.0.7
GnuPrivacy Guard Version1.2
GnuPrivacy Guard Version1.2.1
GnuPrivacy Guard Version1.2.2
GnuPrivacy Guard Version1.2.2 Updaterc1
GnuPrivacy Guard Version1.2.3
GnuPrivacy Guard Version1.2.4
GnuPrivacy Guard Version1.2.5
GnuPrivacy Guard Version1.2.6
GnuPrivacy Guard Version1.2.7
GnuPrivacy Guard Version1.3.3
GnuPrivacy Guard Version1.3.4
GnuPrivacy Guard Version1.4
GnuPrivacy Guard Version1.4.1
GnuPrivacy Guard Version1.4.2
GnuPrivacy Guard Version1.4.2.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.37% 0.817
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U
http://secunia.com/advisories/19532
http://secunia.com/advisories/19249
http://www.redhat.com/support/errata/RHSA-2006-0266.html
http://www.securityfocus.com/archive/1/433931/100/0/threaded
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.476477
http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html
Patch
Vendor Advisory
http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html
http://secunia.com/advisories/19173
Patch
Vendor Advisory
http://secunia.com/advisories/19197
http://secunia.com/advisories/19203
http://secunia.com/advisories/19231
http://secunia.com/advisories/19232
http://secunia.com/advisories/19234
http://secunia.com/advisories/19244
http://secunia.com/advisories/19287
http://securityreason.com/securityalert/450
http://securityreason.com/securityalert/568
http://securitytracker.com/id?1015749
Patch
http://www.debian.org/security/2006/dsa-993
Patch
Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml
Patch
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:055
http://www.osvdb.org/23790
Patch
http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html
http://www.securityfocus.com/archive/1/427324/100/0/threaded
http://www.securityfocus.com/bid/17058
Patch
http://www.trustix.org/errata/2006/0014
http://www.vupen.com/english/advisories/2006/0915
https://exchange.xforce.ibmcloud.com/vulnerabilities/25184
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10063
https://usn.ubuntu.com/264-1/