Vulnerability Assessment & Network Security Forums
If a vulnerability assessment detects a network security issue for the vulnerability below, applying the appropriate security patches in a timely manner is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

[GLSA-200603-08] GnuPG: Incorrect signature verification

Detailed Explanation for this Vulnerability Assessment

The remote host is affected by the vulnerability described in GLSA-200603-08 (GnuPG: Incorrect signature verification).

OpenPGP is the standard that defines the format of digital signatures supported by GnuPG. OpenPGP signatures consist of multiple sections, in a strictly defined order. Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that certain illegal signature formats could permit signed data to be modified without detection. GnuPG has previously attempted to be lenient when processing malformed or legacy signature formats, but this has now been found to be insecure.

Impact

A remote attacker may be able to construct or modify a digitally-signed message, potentially permitting them to bypass authentication systems, or impersonate another user.

Workaround

There is no known workaround at this time.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0049
http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html

Solution:
All GnuPG users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-crypt/gnupg-1.4.2.2"

Network Security Threat Level: Medium

Networks Security ID:

Vulnerability Assessment Copyright: (C) 2006 Michel Arboi