CVE-2007-1263

Severity

50%

Complexity

99%

Confidentiality

48%

GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.

GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N).

Overview

First reported 17 years ago

2007-03-06 20:19:00

Last updated 6 years ago

2018-10-16 16:37:00

Affected Software

GNU GPGME

References

20070301-01-P

FEDORA-2007-316

FEDORA-2007-315

[gnupg-users] 20070306 [Announce] Multiple Messages Problem in GnuPG and GPGME

SUSE-SA:2007:024

24365

24407

24419

24420

24438

24489

24511

24544

24650

24734

24875

2353

http://support.avaya.com/elmodocs2/security/ASA-2007-144.htm

http://www.coresecurity.com/?action=item&id=1687

Patch, Vendor Advisory

DSA-1266

MDKSA-2007:059

RHSA-2007:0106

RHSA-2007:0107

20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability

20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability

22757

1017727

2007-0009

USN-432-1

USN-432-2

ADV-2007-0835

https://issues.rpath.com/browse/RPL-1111

oval:org.mitre.oval:def:10496

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.