CVE-2006-0049 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-0049
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-0049

Description: gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/25184 UBUNTU http://www.ubuntulinux.org/support/documentation/usn/usn-264-1 TRUSTIX http://www.trustix.org/errata/2006/0014 SUSE http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html ST 1015749 SREASON http://securityreason.com/securityalert/450 http://securityreason.com/securityalert/568 SLACKWARE http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.476477 SGI SAID Secunia Advisory: SA19231 Secunia Advisory: SA19203 Secunia Advisory: SA19173 Secunia Advisory: SA19244 Secunia Advisory: SA19249 Secunia Advisory: SA19287 Secunia Advisory: SA19197 Secunia Advisory: SA19232 Secunia Advisory: SA19234 Secunia Advisory: SA19532 REDHAT http://www.redhat.com/support/errata/RHSA-2006-0266.html OSVDB 23790 MLIST http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:055 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml FEDORA http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html http://www.securityfocus.com/archive/1/archive/1/433931/100/0/threaded DEBIAN http://www.debian.org/security/2006/dsa-993 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/427324/100/0/threaded BID 17058

Return to the previous page.