CVE-2006-0455
Vulnerability from cvelistv5
Published
2006-02-15 22:00
Modified
2024-08-07 16:34
Severity ?
Summary
gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".
References
secalert@redhat.comftp://patches.sgi.com/support/free/security/advisories/20060401-01-U
secalert@redhat.comhttp://fedoranews.org/updates/FEDORA-2006-116.shtml
secalert@redhat.comhttp://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html
secalert@redhat.comhttp://marc.info/?l=gnupg-devel&m=113999098729114&w=2
secalert@redhat.comhttp://secunia.com/advisories/18845Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/18933Patch, Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/18934Patch, Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/18942Patch, Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/18955Patch, Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/18956Patch, Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/18968Patch, Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/19130Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/19249Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/19532Vendor Advisory
secalert@redhat.comhttp://www.gentoo.org/security/en/glsa/glsa-200602-10.xmlPatch, Vendor Advisory
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:043
secalert@redhat.comhttp://www.novell.com/linux/security/advisories/2006_05_sr.html
secalert@redhat.comhttp://www.novell.com/linux/security/advisories/2006_09_gpg.htmlPatch, Vendor Advisory
secalert@redhat.comhttp://www.novell.com/linux/security/advisories/2006_13_gpg.html
secalert@redhat.comhttp://www.openpkg.org/security/OpenPKG-SA-2006.001-gnupg.htmlVendor Advisory
secalert@redhat.comhttp://www.osvdb.org/23221
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2006-0266.html
secalert@redhat.comhttp://www.securityfocus.com/archive/1/425289/100/0/threaded
secalert@redhat.comhttp://www.securityfocus.com/archive/1/433931/100/0/threaded
secalert@redhat.comhttp://www.securityfocus.com/bid/16663Exploit, Patch
secalert@redhat.comhttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.476477Patch
secalert@redhat.comhttp://www.trustix.org/errata/2006/0008
secalert@redhat.comhttp://www.ubuntu.com/usn/usn-252-1
secalert@redhat.comhttp://www.us.debian.org/security/2006/dsa-978Patch, Vendor Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2006/0610Vendor Advisory
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/24744
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10084
af854a3a-2127-422b-91ae-364da2661108ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U
af854a3a-2127-422b-91ae-364da2661108http://fedoranews.org/updates/FEDORA-2006-116.shtml
af854a3a-2127-422b-91ae-364da2661108http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=gnupg-devel&m=113999098729114&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/18845Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/18933Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/18934Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/18942Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/18955Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/18956Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/18968Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19130Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19249Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19532Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200602-10.xmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2006:043
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2006_05_sr.html
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2006_09_gpg.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2006_13_gpg.html
af854a3a-2127-422b-91ae-364da2661108http://www.openpkg.org/security/OpenPKG-SA-2006.001-gnupg.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/23221
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2006-0266.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/425289/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/433931/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/16663Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.476477Patch
af854a3a-2127-422b-91ae-364da2661108http://www.trustix.org/errata/2006/0008
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-252-1
af854a3a-2127-422b-91ae-364da2661108http://www.us.debian.org/security/2006/dsa-978Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/0610Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/24744
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10084
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:34:14.838Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "16663",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16663"
          },
          {
            "name": "18956",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18956"
          },
          {
            "name": "2006-0008",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2006/0008"
          },
          {
            "name": "[gnupg-devel] 20060215 [Announce] False positive signature verification in GnuPG",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=gnupg-devel\u0026m=113999098729114\u0026w=2"
          },
          {
            "name": "OpenPKG-SA-2006.001",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENPKG",
              "x_transferred"
            ],
            "url": "http://www.openpkg.org/security/OpenPKG-SA-2006.001-gnupg.html"
          },
          {
            "name": "19249",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19249"
          },
          {
            "name": "SUSE-SR:2006:005",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html"
          },
          {
            "name": "RHSA-2006:0266",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0266.html"
          },
          {
            "name": "SUSE-SA:2006:013",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_13_gpg.html"
          },
          {
            "name": "20060401-01-U",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
          },
          {
            "name": "20060215 False positive signature verification in GnuPG",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/425289/100/0/threaded"
          },
          {
            "name": "18934",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18934"
          },
          {
            "name": "FEDORA-2006-116",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://fedoranews.org/updates/FEDORA-2006-116.shtml"
          },
          {
            "name": "gnupg-gpgv-improper-verification(24744)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24744"
          },
          {
            "name": "oval:org.mitre.oval:def:10084",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10084"
          },
          {
            "name": "SSA:2006-072-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.476477"
          },
          {
            "name": "FLSA-2006:185355",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/433931/100/0/threaded"
          },
          {
            "name": "18955",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18955"
          },
          {
            "name": "[gnupg-announce] 20060215 False positive signature verification in GnuPG",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html"
          },
          {
            "name": "SUSE-SA:2006:009",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_09_gpg.html"
          },
          {
            "name": "19130",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19130"
          },
          {
            "name": "GLSA-200602-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200602-10.xml"
          },
          {
            "name": "19532",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19532"
          },
          {
            "name": "18933",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18933"
          },
          {
            "name": "DSA-978",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.us.debian.org/security/2006/dsa-978"
          },
          {
            "name": "23221",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/23221"
          },
          {
            "name": "USN-252-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-252-1"
          },
          {
            "name": "18968",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18968"
          },
          {
            "name": "18845",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18845"
          },
          {
            "name": "18942",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18942"
          },
          {
            "name": "MDKSA-2006:043",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:043"
          },
          {
            "name": "ADV-2006-0610",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0610"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-02-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded.  Note: this also occurs when running the equivalent command \"gpg --verify\"."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "16663",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16663"
        },
        {
          "name": "18956",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18956"
        },
        {
          "name": "2006-0008",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2006/0008"
        },
        {
          "name": "[gnupg-devel] 20060215 [Announce] False positive signature verification in GnuPG",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=gnupg-devel\u0026m=113999098729114\u0026w=2"
        },
        {
          "name": "OpenPKG-SA-2006.001",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENPKG"
          ],
          "url": "http://www.openpkg.org/security/OpenPKG-SA-2006.001-gnupg.html"
        },
        {
          "name": "19249",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19249"
        },
        {
          "name": "SUSE-SR:2006:005",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html"
        },
        {
          "name": "RHSA-2006:0266",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0266.html"
        },
        {
          "name": "SUSE-SA:2006:013",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_13_gpg.html"
        },
        {
          "name": "20060401-01-U",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
        },
        {
          "name": "20060215 False positive signature verification in GnuPG",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/425289/100/0/threaded"
        },
        {
          "name": "18934",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18934"
        },
        {
          "name": "FEDORA-2006-116",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://fedoranews.org/updates/FEDORA-2006-116.shtml"
        },
        {
          "name": "gnupg-gpgv-improper-verification(24744)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24744"
        },
        {
          "name": "oval:org.mitre.oval:def:10084",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10084"
        },
        {
          "name": "SSA:2006-072-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.476477"
        },
        {
          "name": "FLSA-2006:185355",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://www.securityfocus.com/archive/1/433931/100/0/threaded"
        },
        {
          "name": "18955",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18955"
        },
        {
          "name": "[gnupg-announce] 20060215 False positive signature verification in GnuPG",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html"
        },
        {
          "name": "SUSE-SA:2006:009",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_09_gpg.html"
        },
        {
          "name": "19130",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19130"
        },
        {
          "name": "GLSA-200602-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200602-10.xml"
        },
        {
          "name": "19532",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19532"
        },
        {
          "name": "18933",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18933"
        },
        {
          "name": "DSA-978",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.us.debian.org/security/2006/dsa-978"
        },
        {
          "name": "23221",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/23221"
        },
        {
          "name": "USN-252-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-252-1"
        },
        {
          "name": "18968",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18968"
        },
        {
          "name": "18845",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18845"
        },
        {
          "name": "18942",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18942"
        },
        {
          "name": "MDKSA-2006:043",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:043"
        },
        {
          "name": "ADV-2006-0610",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0610"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2006-0455",
    "datePublished": "2006-02-15T22:00:00",
    "dateReserved": "2006-01-27T00:00:00",
    "dateUpdated": "2024-08-07T16:34:14.838Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-0455\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2006-02-15T22:06:00.000\",\"lastModified\":\"2024-11-21T00:06:30.233\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded.  Note: this also occurs when running the equivalent command \\\"gpg --verify\\\".\"},{\"lang\":\"es\",\"value\":\"gpgv en GnuPG en versiones anteriores a 1.4.2.1, cuando se utiliza verificaci\u00f3n de firma desatendida, devuelve un c\u00f3digo de salida 0 en algunos casos, incluso cuando el archivo de firma acompa\u00f1ante no lleva una firma, esto puede provocar que los programas que usen gpgv asuman que la verificaci\u00f3n de la firma ha tenido \u00e9xito. Nota: Esto tambi\u00e9n ocurre cuando se ejecuta el comando equivalente \\\"gpg --verify\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E054978B-8466-4D12-B7DC-7E72CC57F0DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F38F964B-C5D1-4177-BD31-7AB4083CC431\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DF7811A-B254-4829-AED2-C70BD5C82592\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72ED862B-6278-41ED-9619-115E6552AFBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.0.3b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1869E888-E83C-4A62-AA84-F2C9F2AF12FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3D51820-D735-44FC-95BB-A473FFDE9D35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5FB2C28-0E4D-4AE3-A2CC-0197FE578074\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F2224AF-EA7B-4A3D-8B23-7FC59D66E611\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A2B3B44-941E-4007-B58A-16E85B87CB33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49A642D7-007E-479D-963E-A74AAE195A54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86144B81-D321-4ECA-937F-FFA8A043FCE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A93CAE1-0DFC-43E1-997D-22CDC338D3E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.2.2:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9896332E-819B-4392-B704-B143DBBE90A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B641ED5-4326-43E7-BF42-982B44478A05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76CAFD24-E53F-488C-BD9F-BE31D30828AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5D3628A-3BDD-4C6F-AE7D-C81FC3EE1630\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74589745-A9A6-44DB-B4F0-B61B663ECA21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB2B99CB-5950-42E7-ACD5-38457CBE9095\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D81AF47A-56BA-4D90-A4D4-D7A37333A117\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E55DBB73-EF6C-4C46-9E5A-7C35D7FD190C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"205C014A-236B-44CF-A92D-B4D6392FF9A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F412ECF0-DA84-47B8-98FD-06019C9E63E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE04D970-A467-4648-B99C-895BA8BEE79B\"}]}]}],\"references\":[{\"url\":\"ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://fedoranews.org/updates/FEDORA-2006-116.shtml\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=gnupg-devel\u0026m=113999098729114\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/18845\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/18933\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/18934\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/18942\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/18955\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/18956\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/18968\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/19130\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/19249\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/19532\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200602-10.xml\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2006:043\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2006_05_sr.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2006_09_gpg.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.novell.com/linux/security/advisories/2006_13_gpg.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openpkg.org/security/OpenPKG-SA-2006.001-gnupg.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/23221\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2006-0266.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/425289/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/433931/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/16663\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.476477\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.trustix.org/errata/2006/0008\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/usn-252-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.us.debian.org/security/2006/dsa-978\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/0610\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/24744\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10084\",\"source\":\"secalert@redhat.com\"},{\"url\":\"ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://fedoranews.org/updates/FEDORA-2006-116.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=gnupg-devel\u0026m=113999098729114\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/18845\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/18933\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/18934\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/18942\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/18955\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/18956\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/18968\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/19130\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/19249\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/19532\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200602-10.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2006:043\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2006_05_sr.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2006_09_gpg.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.novell.com/linux/security/advisories/2006_13_gpg.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openpkg.org/security/OpenPKG-SA-2006.001-gnupg.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/23221\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2006-0266.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/425289/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/433931/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/16663\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.476477\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.trustix.org/errata/2006/0008\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/usn-252-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us.debian.org/security/2006/dsa-978\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/0610\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/24744\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10084\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.