CVE Reference: CVE-2007-1263

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2007-1263

Description:
GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.

CVE Status:
Candidate

References:

UBUNTU
  http://www.ubuntu.com/usn/usn-432-2
  http://www.ubuntu.com/usn/usn-432-1

TRUSTIX
  http://www.trustix.org/errata/2007/0009/

SUSE
  http://lists.suse.com/archive/suse-security-announce/2007-Mar/0008.html

ST
  1017727

SREASON
  http://securityreason.com/securityalert/2353

SGI

SAID
  Secunia Advisory: SA24544
  Secunia Advisory: SA24489
  Secunia Advisory: SA24438
  Secunia Advisory: SA24420
  Secunia Advisory: SA24365
  Secunia Advisory: SA24511
  Secunia Advisory: SA24734
  Secunia Advisory: SA24650
  Secunia Advisory: SA24875
  Secunia Advisory: SA24407
  Secunia Advisory: SA24419

REDHAT
  http://www.redhat.com/support/errata/RHSA-2007-0107.html
  http://www.redhat.com/support/errata/RHSA-2007-0106.html

OVAL
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10496

MLIST
  http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html

MISC
  http://www.coresecurity.com/?action=item&id=1687

MANDRIVA
  http://www.mandriva.com/security/advisories?name=MDKSA-2007:059

FEDORA
  http://fedoranews.org/cms/node/2776
  http://fedoranews.org/cms/node/2775

DEBIAN
  http://www.debian.org/security/2007/dsa-1266

CONFIRM
  http://support.avaya.com/elmodocs2/security/ASA-2007-144.htm

BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/461958/100/0/threaded
  http://www.securityfocus.com/archive/1/archive/1/461958/30/7710/threaded

BID
  22757


Return to the previous page.