CVE-2001-0071 - gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows

CVE-2001-0071

Summary

gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection.

References

Vulnerable Configurations

cpe:2.3:a:gnu:privacy_guard:1.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:privacy_guard:1.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:privacy_guard:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:privacy_guard:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:privacy_guard:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:privacy_guard:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:privacy_guard:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:privacy_guard:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:privacy_guard:1.0.3b:*:*:*:*:*:*:*
cpe:2.3:a:gnu:privacy_guard:1.0.3b:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 10-10-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:P/A:N

redhat via4

advisories

rhsa

id	RHSA-2000:131

refmap via4

bid	2141
bugtraq	20001220 Trustix Security Advisory - gnupg, ftpd-BSD
conectiva	CLA-2000:368
debian	DSA-010-1
mandrake	MDKSA-2000-087
osvdb	1699
xf	gnupg-detached-sig-modify(5802)

Last major update

10-10-2017 - 01:29

Published

12-02-2001 - 05:00

Last modified

10-10-2017 - 01:29