CVE-2007-1263
First published: Tue Mar 06 2007(Updated: )
GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gnu Gpgme | <=1.1.3 | |
| Gnupg Gnupg | <=1.4.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.coresecurity.com/?action=item&id=1687
- http://www.securityfocus.com/bid/22757
- http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html
- https://issues.rpath.com/browse/RPL-1111
- http://www.debian.org/security/2007/dsa-1266
- http://fedoranews.org/cms/node/2776
- http://fedoranews.org/cms/node/2775
- http://www.redhat.com/support/errata/RHSA-2007-0106.html
- http://www.redhat.com/support/errata/RHSA-2007-0107.html
- http://www.ubuntu.com/usn/usn-432-1
- http://www.ubuntu.com/usn/usn-432-2
- http://www.securitytracker.com/id?1017727
- http://secunia.com/advisories/24365
- http://secunia.com/advisories/24420
- http://secunia.com/advisories/24438
- http://secunia.com/advisories/24489
- http://secunia.com/advisories/24511
- http://secunia.com/advisories/24544
- http://lists.suse.com/archive/suse-security-announce/2007-Mar/0008.html
- http://secunia.com/advisories/24734
- http://secunia.com/advisories/24650
- http://support.avaya.com/elmodocs2/security/ASA-2007-144.htm
- http://secunia.com/advisories/24875
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:059
- http://www.trustix.org/errata/2007/0009/
- http://secunia.com/advisories/24407
- http://secunia.com/advisories/24419
- http://securityreason.com/securityalert/2353
- http://www.vupen.com/english/advisories/2007/0835
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10496
- http://www.securityfocus.com/archive/1/461958/30/7710/threaded
- http://www.securityfocus.com/archive/1/461958/100/0/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/tags
- agent/author
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/remedy
- agent/first-publish-date
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/gnu
- canonical/gnu gpgme
- version/gnu gpgme/1.1.3
- vendor/gnupg
- canonical/gnupg gnupg
- version/gnupg gnupg/1.4.6