GnuPG内置签名验证漏洞

admin
admin
admin
0
文章
0
评论
2022-07-22 19:19:27 CNNVD漏洞 来源:ZONE.CI 全球网 0 阅读模式

漏洞信息详情

GnuPG内置签名验证漏洞

  • CNNVD编号:CNNVD-200603-226
  • 危害等级: 低危
  • CVE编号: CVE-2006-0049
  • 漏洞类型: 设计错误
  • 发布时间: 2006-03-13
  • 威胁类型: 远程
  • 更新时间: 2006-03-14
  • 厂        商: gnu
  • 漏洞来源: Werner Koch wk@gnu...

漏洞简介

GnuPG是基于OpenPGP标准的PGP加密、解密、签名工具。

GnuPG在处理邮件内置的签名时存在验证漏洞,攻击者可能利用此漏洞在邮件中插入额外的数据。

GnuPG在提取已签名的数据时,数据可能前置或后缀了签名没有没有覆盖到的额外数据,这样攻击者就可以利用签名消息注入额外的任意数据。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:

GNU GNU Privacy Guard 1.0

GNU GNU Privacy Guard 1.4.2.2

http://www.gnupg.org/download/

GNU GNU Privacy Guard 1.0 .6

GNU GNU Privacy Guard 1.4.2.2

http://www.gnupg.org/download/

GNU GNU Privacy Guard 1.0.1

GNU GNU Privacy Guard 1.4.2.2

http://www.gnupg.org/download/

GNU GNU Privacy Guard 1.0.2

GNU GNU Privacy Guard 1.4.2.2

http://www.gnupg.org/download/

GNU GNU Privacy Guard 1.0.3

GNU GNU Privacy Guard 1.4.2.2

http://www.gnupg.org/download/

GNU GNU Privacy Guard 1.0.4

GNU GNU Privacy Guard 1.4.2.2

http://www.gnupg.org/download/

GNU finger 1.0.7

GNU GNU Privacy Guard 1.4.2.2

http://www.gnupg.org/download/

GNU GNU Privacy Guard 1.0.7

GNU GNU Privacy Guard 1.4.2.2

http://www.gnupg.org/download/

GNU GNU Privacy Guard 1.2.1

GNU GNU Privacy Guard 1.4.2.2

http://www.gnupg.org/download/

Slackware gnupg-1.4.2.2-i386-1.tgz

Slackware 9.0:

ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/g nupg-1.4.2.2-i386-1.tgz

GNU GNU Privacy Guard 1.2.2 -rc1

GNU GNU Privacy Guard 1.4.2.2

http://www.gnupg.org/download/

GNU GNU Privacy Guard 1.2.2 -r1

GNU GNU Privacy Guard 1.4.2.2

http://www.gnupg.org/download/

GNU GNU Privacy Guard 1.2.3

GNU GNU Privacy Guard 1.4.2.2

http://www.gnupg.org/download/

Slackware gnupg-1.4.2.2-i486-1.tgz

Slackware 10.0:

ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ gnupg-1.4.2.2-i486-1.tgz

Slackware gnupg-1.4.2.2-i486-1.tgz

Slackware 9.1:

ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/g nupg-1.4.2.2-i486-1.tgz

GNU GNU Privacy Guard 1.2.4

GNU GNU Privacy Guard 1.4.2.2

http://www.gnupg.org/download/

Mandriva gnupg-1.4.2.2-0.1.C30mdk.i586.rpm

Corporate 3.0:

http://www.mandriva.com/en/download

Mandriva gnupg-1.4.2.2-0.1.C30mdk.i586.rpm

Corporate 3.0:

http://wwwnew.mandriva.com/en/downloads/

Mandriva gnupg-1.4.2.2-0.1.C30mdk.src.rpm

Corporate 3.0:

http://www.mandriva.com/en/download

Mandriva gnupg-1.4.2.2-0.1.C30mdk.x86_64.rpm

Corporate 3.0:

http://www.mandriva.com/en/download

Mandriva gnupg-1.4.2.2-0.1.C30mdk.x86_64.rpm

Corporate 3.0:

http://wwwnew.mandriva.com/en/downloads/

Mandriva gnupg-1.4.2.2-0.1.M20mdk.i586.rpm

Corporate 3.0:

http://wwwnew.mandriva.com/en/downloads/

Slackware gnupg-1.4.2.2-i486-1.tgz

Slackware 10.0:

ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ gnupg-1.4.2.2-i486-1.tgz

SuSE gpg-1.2.4-68.13.i586.rpm

SUSE LINUX 9.1:

ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/gpg-1.2.4-68.13.i 586.rpm

SuSE gpg-1.2.4-68.13.x86_64.rpm

SUSE LINUX 9.1:

ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/gpg-1.2.4-68. 13.x86_64.rpm

Ubuntu gnupg_1.2.4-4ubuntu2.3_amd64.deb

Ubuntu 4.10 (Warty Warthog)

http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.4-4ubunt u2.3_amd64.deb

Ubuntu gnupg_1.2.4-4ubuntu2.3_i386.deb

Ubuntu 4.10 (Warty Warthog)

http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.4-4ubunt u2.3_i386.deb

Ubuntu gnupg_1.2.4-4ubuntu2.3_powerpc.deb

Ubuntu 4.10 (Warty Warthog)

http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.4-4ubunt u2.3_powerpc.deb

Ubuntu gpgv-udeb_1.4.1-1ubuntu1.2_i386.udeb

Updated packages for Ubuntu 5.04:

http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1u buntu1.2_i386.udeb

Ubuntu gpgv-udeb_1.4.1-1ubuntu1.2_powerpc.udeb

Updated packages for Ubuntu 5.04:

http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1u buntu1.2_powerpc.udeb

GNU GNU Privacy Guard 1.2.6

GNU GNU Privacy Guard 1.4.2.2

http://www.gnupg.org/download/

Trustix gnupg-1.2.6-2tr.i586.rpm

TSL 2.2

ftp://ftp.trustix.org/pub/trustix/updates

Trustix gnupg-1.4.2.2-1tr.i586.rpm

TSL 3.0

ftp://ftp.trustix.org/pub/trustix/updates

Trustix gnupg-utils-1.2.6-2tr.i586.rpm

TSL 2.2

ftp://ftp.trustix.org/pub/trustix/updates

Trustix gnupg-utils-1.4.2.2-1tr.i586.rpm

TSL 3.0

ftp://ftp.trustix.org/pub/trustix/updates

GNU GNU Privacy Guard 1.3.3

GNU GNU Privacy Guard 1.4.2.2

http://www.gnupg.org/download/

GNU

参考网址

来源: BID

名称: 17058

链接:http://www.securityfocus.com/bid/17058

来源: BUGTRAQ

名称: 20060309 GnuPG does not detect injection of unsigned data

链接:http://www.securityfocus.com/archive/1/archive/1/427324/100/0/threaded

来源: OSVDB

名称: 23790

链接:http://www.osvdb.org/23790

来源: GENTOO

名称: GLSA-200603-08

链接:http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml

来源: VUPEN

名称: ADV-2006-0915

链接:http://www.frsirt.com/english/advisories/2006/0915

来源: DEBIAN

名称: DSA-993

链接:http://www.debian.org/security/2006/dsa-993

来源: SECTRACK

名称: 1015749

链接:http://securitytracker.com/id?1015749

来源: SECUNIA

名称: 19173

链接:http://secunia.com/advisories/19173

来源: MLIST

名称: [gnupg-announce] 20060309 [Announce] GnuPG does not detect injection of unsigned data

链接:http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.HTML

来源: UBUNTU

名称: USN-264-1

链接:http://www.ubuntulinux.org/support/documentation/usn/usn-264-1

来源: XF

名称: gnupg-nondetached-sig-verification(25184)

链接:http://xforce.iss.net/xforce/xfdb/25184

来源: TRUSTIX

名称: 2006-0014

链接:http://www.trustix.org/errata/2006/0014

来源: SLACKWARE

名称: SSA:2006-072-02

链接:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.476477

来源: FEDORA

名称: FLSA-2006:185355

链接:http://www.securityfocus.com/archive/1/archive/1/433931/100/0/threaded

来源: REDHAT

名称: RHSA-2006:0266

链接:http://www.redhat.com/support/errata/RHSA-2006-0266.HTML

来源: FEDORA

名称: FEDORA-2006-147

链接:http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.HTML

来源: MANDRIVA

名称: MDKSA-2006:055

链接:http://www.mandriva.com/security/advisories?name=MDKSA-2006:055

来源: SREASON

名称: 568

链接:http://securityreason.com/securityalert/568

来源: SREASON

名称: 450

链接:http://securityreason.com/securityalert/450

来源: SECUNIA

名称: 19532

链接:http://secunia.com/advisories/19532

来源: SECUNIA

名称: 19287

链接:http://secunia.com/advisories/19287

来源: SECUNIA

名称: 19249

链接:http://secunia.com/advisories/19249

来源: SECUNIA

名称: 19244

链接:http://secunia.com/advisories/19244

来源: SECUNIA

名称: 19234

链接:http://secunia.com/advisories/19234

来源: SECUNIA

名称: 19232

链接:http://secunia.com/advisories/19232

来源: SECUNIA

名称: 19231

链接:http://secunia.com/advisories/19231

来源: SECUNIA

名称: 19203

链接:http://secunia.com/advisories/19203

来源: SECUNIA

名称: 19197

链接:http://secunia.com/advisories/19197

来源: SUSE

名称: SUSE-SA:2006:014

链接:http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.HTML

来源: MANDRIVA

名称: MDKSA-2006:055

链接:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:055

来源: SGI

名称: 20060401-01-U

链接:ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U

受影响实体

  • Gnu Privacy_guard:1.0  
  • Gnu Privacy_guard:1.0.1  
  • Gnu Privacy_guard:1.0.2  
  • Gnu Privacy_guard:1.0.3  
  • Gnu Privacy_guard:1.0.3b  

补丁

    暂无

weinxin
特别声明
本站(ZONE.CI)所有文章仅供技术研究,若将其信息做其他用途,由用户承担全部法律及连带责任,本站不承担任何法律及连带责任,请遵守中华人民共和国安全法.
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
咨询加Q:999999999
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
ZONE.CI 全球网 安全领域涉猎者-乌云独行地带
获取本源码
售前咨询加Q:120433200
站媒体网仿《知更鸟》模板
获取本源码 zmt6.com
评论:0   参与:  0