CVE-2006-0455

Severity

46%

Complexity

39%

Confidentiality

106%

gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".

gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".

CVSS 2.0 Base Score 4.6. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

GNU GNU Privacy Guard

First reported 19 years ago

2006-02-15 22:06:00

Last updated 6 years ago

2018-10-19 15:44:00

Affected Software

GNU GNU Privacy Guard 1.0

1.0

GNU GNU Privacy Guard 1.0.1

1.0.1

GNU GNU Privacy Guard 1.0.2

1.0.2

GNU GNU Privacy Guard 1.0.3

1.0.3

GNU GNU Privacy Guard 1.0.4

1.0.4

GNU GNU Privacy Guard 1.0.5

1.0.5

GNU GNU Privacy Guard 1.0.6

1.0.6

GNU GNU Privacy Guard 1.0.7

1.0.7

GNU GNU Privacy Guard 1.2

1.2

GNU GNU Privacy Guard 1.2.1

1.2.1

GNU GNU Privacy Guard 1.2.2

1.2.2

GNU GNU Privacy Guard 1.2.3

1.2.3

GNU GNU Privacy Guard 1.2.4

1.2.4

GNU GNU Privacy Guard 1.2.5

1.2.5

GNU GNU Privacy Guard 1.2.6

1.2.6

GNU GNU Privacy Guard 1.2.7

1.2.7

GNU GNU Privacy Guard 1.3.3

1.3.3

GNU GNU Privacy Guard 1.3.4

1.3.4

GNU GNU Privacy Guard 1.4

1.4

GNU GNU Privacy Guard 1.4.1

1.4.1

GNU GNU Privacy Guard 1.4.2

1.4.2

References

20060401-01-U

FEDORA-2006-116

[gnupg-announce] 20060215 False positive signature verification in GnuPG

[gnupg-devel] 20060215 [Announce] False positive signature verification in GnuPG

18845

Vendor Advisory

18933

Patch, Vendor Advisory

18934

Patch, Vendor Advisory

18942

Patch, Vendor Advisory

18955

Patch, Vendor Advisory

18956

Patch, Vendor Advisory

18968

Patch, Vendor Advisory

19130

Vendor Advisory

19249

Vendor Advisory

19532

Vendor Advisory

GLSA-200602-10

Patch, Vendor Advisory

MDKSA-2006:043

SUSE-SR:2006:005

SUSE-SA:2006:009

Patch, Vendor Advisory

SUSE-SA:2006:013

OpenPKG-SA-2006.001

Vendor Advisory

23221

RHSA-2006:0266

20060215 False positive signature verification in GnuPG

FLSA-2006:185355

16663

Exploit, Patch

SSA:2006-072-02

Patch

2006-0008

USN-252-1

DSA-978

Patch, Vendor Advisory

ADV-2006-0610

Vendor Advisory

gnupg-gpgv-improper-verification(24744)

oval:org.mitre.oval:def:10084

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.