{ "id": "CVE-2006-0455", "sourceIdentifier": "secalert@redhat.com", "published": "2006-02-15T22:06:00.000", "lastModified": "2024-11-21T00:06:30.233", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command \"gpg --verify\"." }, { "lang": "es", "value": "gpgv en GnuPG en versiones anteriores a 1.4.2.1, cuando se utiliza verificaci\u00f3n de firma desatendida, devuelve un c\u00f3digo de salida 0 en algunos casos, incluso cuando el archivo de firma acompa\u00f1ante no lleva una firma, esto puede provocar que los programas que usen gpgv asuman que la verificaci\u00f3n de la firma ha tenido \u00e9xito. Nota: Esto tambi\u00e9n ocurre cuando se ejecuta el comando equivalente \"gpg --verify\"." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 4.6, "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL" }, "baseSeverity": "MEDIUM", "exploitabilityScore": 3.9, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:gnu:privacy_guard:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E054978B-8466-4D12-B7DC-7E72CC57F0DE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F38F964B-C5D1-4177-BD31-7AB4083CC431" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DF7811A-B254-4829-AED2-C70BD5C82592" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "72ED862B-6278-41ED-9619-115E6552AFBB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.3b:*:*:*:*:*:*:*", "matchCriteriaId": "1869E888-E83C-4A62-AA84-F2C9F2AF12FB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "B3D51820-D735-44FC-95BB-A473FFDE9D35" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B5FB2C28-0E4D-4AE3-A2CC-0197FE578074" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "3F2224AF-EA7B-4A3D-8B23-7FC59D66E611" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "0A2B3B44-941E-4007-B58A-16E85B87CB33" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gnu:privacy_guard:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "49A642D7-007E-479D-963E-A74AAE195A54" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "86144B81-D321-4ECA-937F-FFA8A043FCE4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "5A93CAE1-0DFC-43E1-997D-22CDC338D3E8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9896332E-819B-4392-B704-B143DBBE90A7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "4B641ED5-4326-43E7-BF42-982B44478A05" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "76CAFD24-E53F-488C-BD9F-BE31D30828AD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A5D3628A-3BDD-4C6F-AE7D-C81FC3EE1630" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "74589745-A9A6-44DB-B4F0-B61B663ECA21" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "BB2B99CB-5950-42E7-ACD5-38457CBE9095" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gnu:privacy_guard:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "D81AF47A-56BA-4D90-A4D4-D7A37333A117" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gnu:privacy_guard:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "E55DBB73-EF6C-4C46-9E5A-7C35D7FD190C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gnu:privacy_guard:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "205C014A-236B-44CF-A92D-B4D6392FF9A7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gnu:privacy_guard:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "F412ECF0-DA84-47B8-98FD-06019C9E63E0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gnu:privacy_guard:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE04D970-A467-4648-B99C-895BA8BEE79B" } ] } ] } ], "references": [ { "url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U", "source": "secalert@redhat.com" }, { "url": "http://fedoranews.org/updates/FEDORA-2006-116.shtml", "source": "secalert@redhat.com" }, { "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html", "source": "secalert@redhat.com" }, { "url": "http://marc.info/?l=gnupg-devel&m=113999098729114&w=2", "source": "secalert@redhat.com" }, { "url": "http://secunia.com/advisories/18845", "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/18933", "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/18934", "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/18942", "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/18955", "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/18956", "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/18968", "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/19130", "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/19249", "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/19532", "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.gentoo.org/security/en/glsa/glsa-200602-10.xml", "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:043", "source": "secalert@redhat.com" }, { "url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html", "source": "secalert@redhat.com" }, { "url": "http://www.novell.com/linux/security/advisories/2006_09_gpg.html", "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "http://www.novell.com/linux/security/advisories/2006_13_gpg.html", "source": "secalert@redhat.com" }, { "url": "http://www.openpkg.org/security/OpenPKG-SA-2006.001-gnupg.html", "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.osvdb.org/23221", "source": "secalert@redhat.com" }, { "url": "http://www.redhat.com/support/errata/RHSA-2006-0266.html", "source": "secalert@redhat.com" }, { "url": "http://www.securityfocus.com/archive/1/425289/100/0/threaded", "source": "secalert@redhat.com" }, { "url": "http://www.securityfocus.com/archive/1/433931/100/0/threaded", "source": "secalert@redhat.com" }, { "url": "http://www.securityfocus.com/bid/16663", "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ] }, { "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.476477", "source": "secalert@redhat.com", "tags": [ "Patch" ] }, { "url": "http://www.trustix.org/errata/2006/0008", "source": "secalert@redhat.com" }, { "url": "http://www.ubuntu.com/usn/usn-252-1", "source": "secalert@redhat.com" }, { "url": "http://www.us.debian.org/security/2006/dsa-978", "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "http://www.vupen.com/english/advisories/2006/0610", "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24744", "source": "secalert@redhat.com" }, { "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10084", "source": "secalert@redhat.com" }, { "url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://fedoranews.org/updates/FEDORA-2006-116.shtml", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://marc.info/?l=gnupg-devel&m=113999098729114&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://secunia.com/advisories/18845", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/18933", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/18934", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/18942", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/18955", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/18956", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/18968", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/19130", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/19249", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/19532", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.gentoo.org/security/en/glsa/glsa-200602-10.xml", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:043", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.novell.com/linux/security/advisories/2006_09_gpg.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "http://www.novell.com/linux/security/advisories/2006_13_gpg.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.openpkg.org/security/OpenPKG-SA-2006.001-gnupg.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.osvdb.org/23221", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.redhat.com/support/errata/RHSA-2006-0266.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.securityfocus.com/archive/1/425289/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.securityfocus.com/archive/1/433931/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.securityfocus.com/bid/16663", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ] }, { "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.476477", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ] }, { "url": "http://www.trustix.org/errata/2006/0008", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.ubuntu.com/usn/usn-252-1", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.us.debian.org/security/2006/dsa-978", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "http://www.vupen.com/english/advisories/2006/0610", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24744", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10084", "source": "af854a3a-2127-422b-91ae-364da2661108" } ] }