1. CVE-Search
  2. CVE-2007-1265
ID CVE-2007-1265
Summary KMail 1.9.5 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents KMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
References
Vulnerable Configurations
  • cpe:2.3:a:kde:k-mail:0.0.29.2:*:*:*:*:*:*:*
    cpe:2.3:a:kde:k-mail:0.0.29.2:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:k-mail:1.0.23:*:*:*:*:*:*:*
    cpe:2.3:a:kde:k-mail:1.0.23:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:k-mail:1.0.24:*:*:*:*:*:*:*
    cpe:2.3:a:kde:k-mail:1.0.24:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:k-mail:1.0.25:*:*:*:*:*:*:*
    cpe:2.3:a:kde:k-mail:1.0.25:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:k-mail:1.0.26:*:*:*:*:*:*:*
    cpe:2.3:a:kde:k-mail:1.0.26:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:k-mail:1.0.27:*:*:*:*:*:*:*
    cpe:2.3:a:kde:k-mail:1.0.27:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:k-mail:1.0.28:*:*:*:*:*:*:*
    cpe:2.3:a:kde:k-mail:1.0.28:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:k-mail:1.0.29:*:*:*:*:*:*:*
    cpe:2.3:a:kde:k-mail:1.0.29:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:k-mail:1.0.29.1:*:*:*:*:*:*:*
    cpe:2.3:a:kde:k-mail:1.0.29.1:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:k-mail:1.0.29.2:*:*:*:*:*:*:*
    cpe:2.3:a:kde:k-mail:1.0.29.2:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:k-mail:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:kde:k-mail:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:k-mail:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:kde:k-mail:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:k-mail:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:kde:k-mail:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:k-mail:1.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:kde:k-mail:1.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:k-mail:1.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:kde:k-mail:1.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:k-mail:1.86.2.36:*:*:*:*:*:*:*
    cpe:2.3:a:kde:k-mail:1.86.2.36:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:k-mail:1.87:*:*:*:*:*:*:*
    cpe:2.3:a:kde:k-mail:1.87:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:k-mail:1.88:*:*:*:*:*:*:*
    cpe:2.3:a:kde:k-mail:1.88:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:k-mail:1.89:*:*:*:*:*:*:*
    cpe:2.3:a:kde:k-mail:1.89:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:k-mail:1.90:*:*:*:*:*:*:*
    cpe:2.3:a:kde:k-mail:1.90:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:k-mail:1.92:*:*:*:*:*:*:*
    cpe:2.3:a:kde:k-mail:1.92:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:k-mail:1.93:*:*:*:*:*:*:*
    cpe:2.3:a:kde:k-mail:1.93:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:k-mail:1.94:*:*:*:*:*:*:*
    cpe:2.3:a:kde:k-mail:1.94:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:k-mail:1.95:*:*:*:*:*:*:*
    cpe:2.3:a:kde:k-mail:1.95:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:k-mail:1.101:*:*:*:*:*:*:*
    cpe:2.3:a:kde:k-mail:1.101:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:k-mail:1.102:*:*:*:*:*:*:*
    cpe:2.3:a:kde:k-mail:1.102:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 16-10-2018 - 16:37)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE COMPLETE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:C/A:N
refmap via4
bid 22759
bugtraq 20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability
misc http://www.coresecurity.com/?action=item&id=1687
mlist [gnupg-users] 20070306 [Announce] Multiple Messages Problem in GnuPG and GPGME
sectrack 1017727
secunia 24413
sreason 2353
vupen ADV-2007-0835
Last major update 16-10-2018 - 16:37
Published 06-03-2007 - 20:19
Last modified 16-10-2018 - 16:37
Back to Top