Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Gentoo Local Security Checks >> [GLSA-200603-08] GnuPG: Incorrect signature verification


Vulnerability Assessment Details

[GLSA-200603-08] GnuPG: Incorrect signature verification

Vulnerability Assessment Summary
GnuPG: Incorrect signature verification

Detailed Explanation for this Vulnerability Assessment
The remote host is affected by the vulnerability described in GLSA-200603-08
(GnuPG: Incorrect signature verification)


OpenPGP is the standard that defines the format of digital
signatures supported by GnuPG. OpenPGP signatures consist of multiple
sections, in a strictly defined order. Tavis Ormandy of the Gentoo
Linux Security Audit Team discovered that certain illegal signature
formats could permit signed data to be modified without detection. GnuPG
has previously attempted to be lenient when processing malformed or
legacy signature formats, but this has now been found to be insecure.

Impact

A remote attacker may be able to construct or modify a
digitally-signed message, potentially permiting them to bypass
authentication systems, or impersonate another user.

Workaround

There is no known workaround at this time.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0049
http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html


Solution:
All GnuPG users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-crypt/gnupg-1.4.2.2"


Network Security Threat Level: Medium


Networks Security ID:

Vulnerability Assessment Copyright: (C) 2006 Michel Arboi

Cables, Connectors


Lenovo 300e 2-in-1 2nd Gen 81QC 4GB RAM 32GB SSD 1.70 GHZ USED SCREEN ISSUE picture

Lenovo 300e 2-in-1 2nd Gen 81QC 4GB RAM 32GB SSD 1.70 GHZ USED SCREEN ISSUE

$35.00



Lenovo ThinkPad L390 Yoga i5-8265U 1.6GHz 128GB SSD 8GB RAM USED SCREEN ISSUE picture

Lenovo ThinkPad L390 Yoga i5-8265U 1.6GHz 128GB SSD 8GB RAM USED SCREEN ISSUE

$139.99



Lenovo System X 3550 M5 picture

Lenovo System X 3550 M5

$400.00



Lenovo Legion 5 15.6

Lenovo Legion 5 15.6" Gaming Laptop AMD R7 7735HS RTX 4060 16GB RAM 512GB SSD

$849.99



Lenovo IdeaPad Pro 5i, 16″, i5-13500H, 16 GB, 1 TB SSD, RTX 3050, 120Hz, Laptop picture

Lenovo IdeaPad Pro 5i, 16″, i5-13500H, 16 GB, 1 TB SSD, RTX 3050, 120Hz, Laptop

$709.99



Lenovo ThinkPad Yoga 11e 11.6

Lenovo ThinkPad Yoga 11e 11.6" 2in1 Touch Intel Core i3 4GB RAM 128GB SSD Win10

$58.00



Lenovo ThinkPad E560 Intel Core i5-6200U 2.3GHz 8GB RAM 500GB HDD W10P w/Charger picture

Lenovo ThinkPad E560 Intel Core i5-6200U 2.3GHz 8GB RAM 500GB HDD W10P w/Charger

$74.99



Lenovo 300e 11.6

Lenovo 300e 11.6" 2in1 Touchscreen Laptop Computer 4GB RAM 64GB SSD Windows 10

$83.99



Lenovo Notebook ThinkPad L14 AMD Gen 3 Laptop, 14

Lenovo Notebook ThinkPad L14 AMD Gen 3 Laptop, 14" FHD IPS 60Hz

$409.99



Lenovo Notebook ThinkPad T14s Gen 4 Laptop, 14

Lenovo Notebook ThinkPad T14s Gen 4 Laptop, 14" IPS 60Hz, i7-1355U,

$704.63



Discussions

No Discussions have been posted on this vulnerability.