ID CVE-2007-1263
Summary GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.
References
Vulnerable Configurations
  • GNU GPGME 1.1.3
    cpe:2.3:a:gnu:gpgme:1.1.3
  • GnuPG (GNU Privacy Guard) 1.4.6
    cpe:2.3:a:gnupg:gnupg:1.4.6
CVSS
Base: 5.0 (as of 07-03-2007 - 15:41)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity PARTIAL
  • Availability NONE
exploit-db via4
description GnuPG 1.x Signed Message Arbitrary Content Injection Weakness. CVE-2007-1263. Remote exploit for linux platform
id EDB-ID:29689
last seen 2016-02-03
modified 2007-03-05
published 2007-03-05
reporter Gerardo Richarte
source https://www.exploit-db.com/download/29689/
title GnuPG 1.x Signed Message Arbitrary Content Injection Weakness
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_11464.NASL
    description When printing a text stream with a GPG signature it was possible for an attacker to create a stream with 'unsigned text, signed text' where both unsigned and signed text would be shown without distinction which one was signed and which part wasn't. This is tracked by the Mitre CVE ID CVE-2007-1263. The update introduces a new option --allow-multiple-messages to print out such messages in the future, by default it only prints and handles the first one.
    last seen 2019-02-21
    modified 2012-04-23
    plugin id 41120
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41120
    title SuSE9 Security Update : gpg (YOU Patch Number 11464)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-432-1.NASL
    description Gerardo Richarte from Core Security Technologies discovered that when gnupg is used without --status-fd, there is no way to distinguish initial unsigned messages from a following signed message. An attacker could inject an unsigned message, which could fool the user into thinking the message was entirely signed by the original sender. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28026
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28026
    title Ubuntu 5.10 / 6.06 LTS / 6.10 : gnupg vulnerability (USN-432-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1266.NASL
    description Gerardo Richarte discovered that GnuPG, a free PGP replacement, provides insufficient user feedback if an OpenPGP message contains both unsigned and signed portions. Inserting text segments into an otherwise signed message could be exploited to forge the content of signed messages. This update prevents such attacks; the old behaviour can still be activated by passing the --allow-multiple-messages option.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 24819
    published 2007-03-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24819
    title Debian DSA-1266-1 : gnupg - several vulnerabilities
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0107.NASL
    description From Red Hat Security Advisory 2007:0107 : Updated GnuPG packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. GnuPG is a utility for encrypting data and creating digital signatures. Gerardo Richarte discovered that a number of applications that make use of GnuPG are prone to a vulnerability involving incorrect verification of signatures and encryption. An attacker could add arbitrary content to a signed message in such a way that a receiver of the message would not be able to distinguish between the properly signed parts of a message and the forged, unsigned, parts. (CVE-2007-1263) Whilst this is not a vulnerability in GnuPG itself, the GnuPG team have produced a patch to protect against messages with multiple plaintext packets. Users should update to these erratum packages which contain the backported patch for this issue. Red Hat would like to thank Core Security Technologies for reporting this issue.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 67460
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67460
    title Oracle Linux 5 : gnupg (ELSA-2007-0107)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0106.NASL
    description From Red Hat Security Advisory 2007:0106 : Updated GnuPG packages that fix a security issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. GnuPG is a utility for encrypting data and creating digital signatures. Gerardo Richarte discovered that a number of applications that make use of GnuPG are prone to a vulnerability involving incorrect verification of signatures and encryption. An attacker could add arbitrary content to a signed message in such a way that a receiver of the message would not be able to distinguish between the properly signed parts of a message and the forged, unsigned, parts. (CVE-2007-1263) Whilst this is not a vulnerability in GnuPG itself, the GnuPG team have produced a patch to protect against messages with multiple plaintext packets. Users should update to these erratum packages which contain the backported patch for this issue. Red Hat would like to thank Core Security Technologies for reporting this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67459
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67459
    title Oracle Linux 3 / 4 : gnupg (ELSA-2007-0106)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GPG-2994.NASL
    description When printing a text stream with a GPG signature it was possible for an attacker to create a stream with 'unsigned text, signed text' where both unsigned and signed text would be shown without distinction which one was signed and which part wasn't. This is tracked by the Mitre CVE ID CVE-2007-1263. The update introduces a new option --allow-multiple-messages to print out such messages in the future, by default it only prints and handles the first one.
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29450
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29450
    title SuSE 10 Security Update : gpg (ZYPP Patch Number 2994)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GPG-2995.NASL
    description When printing a text stream with a GPG signature it was possible for an attacker to create a stream with 'unsigned text, signed text' where both unsigned and signed text would be shown without distinction which one was signed and which part wasn't. This is tracked by the Mitre CVE ID CVE-2007-1263. The update introduces a new option --allow-multiple-messages to print out such messages in the future, by default it only prints and handles the first one.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27248
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27248
    title openSUSE 10 Security Update : gpg (gpg-2995)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-432-2.NASL
    description USN-432-1 fixed a vulnerability in GnuPG. This update provides the corresponding updates for GnuPG2 and the GPGME library. Gerardo Richarte from Core Security Technologies discovered that when gnupg is used without --status-fd, there is no way to distinguish initial unsigned messages from a following signed message. An attacker could inject an unsigned message, which could fool the user into thinking the message was entirely signed by the original sender. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 28027
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28027
    title Ubuntu 6.06 LTS / 6.10 : gnupg2, gpgme1.0 vulnerability (USN-432-2)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-059.NASL
    description GnuPG prior to 1.4.7 and GPGME prior to 1.1.4, when run from the command line, did not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components. This could allow a remote attacker to forge the contents of an email message without detection. GnuPG 1.4.7 is being provided with this update and GPGME has been patched on Mandriva 2007.0 to provide better visual notification on these types of forgeries.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24809
    published 2007-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24809
    title Mandrake Linux Security Advisory : gnupg (MDKSA-2007:059)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0107.NASL
    description Updated GnuPG packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. GnuPG is a utility for encrypting data and creating digital signatures. Gerardo Richarte discovered that a number of applications that make use of GnuPG are prone to a vulnerability involving incorrect verification of signatures and encryption. An attacker could add arbitrary content to a signed message in such a way that a receiver of the message would not be able to distinguish between the properly signed parts of a message and the forged, unsigned, parts. (CVE-2007-1263) Whilst this is not a vulnerability in GnuPG itself, the GnuPG team have produced a patch to protect against messages with multiple plaintext packets. Users should update to these erratum packages which contain the backported patch for this issue. Red Hat would like to thank Core Security Technologies for reporting this issue.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 25320
    published 2007-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25320
    title RHEL 5 : gnupg (RHSA-2007:0107)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0106.NASL
    description Updated GnuPG packages that fix a security issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. GnuPG is a utility for encrypting data and creating digital signatures. Gerardo Richarte discovered that a number of applications that make use of GnuPG are prone to a vulnerability involving incorrect verification of signatures and encryption. An attacker could add arbitrary content to a signed message in such a way that a receiver of the message would not be able to distinguish between the properly signed parts of a message and the forged, unsigned, parts. (CVE-2007-1263) Whilst this is not a vulnerability in GnuPG itself, the GnuPG team have produced a patch to protect against messages with multiple plaintext packets. Users should update to these erratum packages which contain the backported patch for this issue. Red Hat would like to thank Core Security Technologies for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 24775
    published 2007-03-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24775
    title RHEL 2.1 / 3 / 4 : gnupg (RHSA-2007:0106)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-315.NASL
    description This updates GnuPG to version 1.4.7, changing the default behavior so that gnupg now flags message streams which contain multiple plaintexts as an error. This prevents errors which would occur when applications which called gnupg assumed that this was already the default behavior. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 24821
    published 2007-03-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24821
    title Fedora Core 6 : gnupg-1.4.7-2 (2007-315)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0106.NASL
    description Updated GnuPG packages that fix a security issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. GnuPG is a utility for encrypting data and creating digital signatures. Gerardo Richarte discovered that a number of applications that make use of GnuPG are prone to a vulnerability involving incorrect verification of signatures and encryption. An attacker could add arbitrary content to a signed message in such a way that a receiver of the message would not be able to distinguish between the properly signed parts of a message and the forged, unsigned, parts. (CVE-2007-1263) Whilst this is not a vulnerability in GnuPG itself, the GnuPG team have produced a patch to protect against messages with multiple plaintext packets. Users should update to these erratum packages which contain the backported patch for this issue. Red Hat would like to thank Core Security Technologies for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 24764
    published 2007-03-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24764
    title CentOS 3 / 4 : gnupg (CESA-2007:0106)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2007-066-01.NASL
    description New gnupg packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, and 11.0 to fix security ramifications of incorrect gpg usage.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 24787
    published 2007-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24787
    title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 9.0 / 9.1 : gnupg (SSA:2007-066-01)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-316.NASL
    description This updates GnuPG to version 1.4.7, changing the default behavior so that gnupg now flags message streams which contain multiple plaintexts as an error. This prevents errors which would occur when applications which called gnupg assumed that this was already the default behavior. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 24822
    published 2007-03-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24822
    title Fedora Core 5 : gnupg-1.4.7-1 (2007-316)
oval via4
accepted 2013-04-29T04:06:09.942-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.
family unix
id oval:org.mitre.oval:def:10496
status accepted
submitted 2010-07-09T03:56:16-04:00
title GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.
version 24
redhat via4
advisories
  • bugzilla
    id 230456
    title CVE-2007-1263 gnupg signed message spoofing
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 3 is installed
        oval oval:com.redhat.rhsa:tst:20060015001
      • comment gnupg is earlier than 0:1.2.1-20
        oval oval:com.redhat.rhsa:tst:20070106002
      • comment gnupg is signed with Red Hat master key
        oval oval:com.redhat.rhsa:tst:20060754003
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhsa:tst:20060016001
      • comment gnupg is earlier than 0:1.2.6-9
        oval oval:com.redhat.rhsa:tst:20070106005
      • comment gnupg is signed with Red Hat master key
        oval oval:com.redhat.rhsa:tst:20060754003
    rhsa
    id RHSA-2007:0106
    released 2007-03-06
    severity Important
    title RHSA-2007:0106: gnupg security update (Important)
  • bugzilla
    id 230467
    title CVE-2007-1263 gnupg signed message spoofing
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • comment gnupg is earlier than 0:1.4.5-13
      oval oval:com.redhat.rhsa:tst:20070107002
    • comment gnupg is signed with Red Hat redhatrelease key
      oval oval:com.redhat.rhsa:tst:20070107003
    rhsa
    id RHSA-2007:0107
    released 2007-03-13
    severity Important
    title RHSA-2007:0107: gnupg security update (Important)
rpms
  • gnupg-0:1.2.1-20
  • gnupg-0:1.2.6-9
  • gnupg-0:1.4.5-13
refmap via4
bid 22757
bugtraq 20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability
confirm
debian DSA-1266
fedora
  • FEDORA-2007-315
  • FEDORA-2007-316
mandriva MDKSA-2007:059
misc http://www.coresecurity.com/?action=item&id=1687
mlist [gnupg-users] 20070306 [Announce] Multiple Messages Problem in GnuPG and GPGME
sectrack 1017727
secunia
  • 24365
  • 24407
  • 24419
  • 24420
  • 24438
  • 24489
  • 24511
  • 24544
  • 24650
  • 24734
  • 24875
sgi 20070301-01-P
sreason 2353
suse SUSE-SA:2007:024
trustix 2007-0009
ubuntu
  • USN-432-1
  • USN-432-2
vupen ADV-2007-0835
Last major update 07-03-2011 - 21:51
Published 06-03-2007 - 15:19
Last modified 16-10-2018 - 12:37