CVE-2006-0049

Severity

50%

Complexity

99%

Confidentiality

48%

gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.

gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N).

Overview

Type

GNU GNU Privacy Guard

First reported 18 years ago

2006-03-13 21:06:00

Last updated 6 years ago

2018-10-19 15:42:00

Affected Software

GNU GNU Privacy Guard 1.0

1.0

GNU GNU Privacy Guard 1.0.1

1.0.1

GNU GNU Privacy Guard 1.0.2

1.0.2

GNU GNU Privacy Guard 1.0.3

1.0.3

GNU GNU Privacy Guard 1.0.4

1.0.4

GNU GNU Privacy Guard 1.0.5

1.0.5

GNU GNU Privacy Guard 1.0.6

1.0.6

GNU GNU Privacy Guard 1.0.7

1.0.7

GNU GNU Privacy Guard 1.2

1.2

GNU GNU Privacy Guard 1.2.1

1.2.1

GNU GNU Privacy Guard 1.2.2

1.2.2

GNU GNU Privacy Guard 1.2.3

1.2.3

GNU GNU Privacy Guard 1.2.4

1.2.4

GNU GNU Privacy Guard 1.2.5

1.2.5

GNU GNU Privacy Guard 1.2.6

1.2.6

GNU GNU Privacy Guard 1.2.7

1.2.7

GNU GNU Privacy Guard 1.3.3

1.3.3

GNU GNU Privacy Guard 1.3.4

1.3.4

GNU GNU Privacy Guard 1.4

1.4

GNU GNU Privacy Guard 1.4.1

1.4.1

GNU GNU Privacy Guard 1.4.2

1.4.2

GNU GNU Privacy Guard 1.4.2.1

1.4.2.1

References

20060401-01-U

[gnupg-announce] 20060309 [Announce] GnuPG does not detect injection of unsigned data

Patch, Vendor Advisory

SUSE-SA:2006:014

19173

Patch, Vendor Advisory

19197

19203

19231

19232

19234

19244

19249

19287

19532

450

568

1015749

Patch

DSA-993

Patch, Vendor Advisory

GLSA-200603-08

Patch, Vendor Advisory

MDKSA-2006:055

23790

Patch

FEDORA-2006-147

RHSA-2006:0266

20060309 GnuPG does not detect injection of unsigned data

FLSA-2006:185355

17058

Patch

SSA:2006-072-02

2006-0014

ADV-2006-0915

gnupg-nondetached-sig-verification(25184)

oval:org.mitre.oval:def:10063

USN-264-1

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.