20 matches found
EUVD-2009-1356
Malware in sbrugna...
EUVD-2006-0462
Malware in sbrugna...
SUSE CVE-2009-1358
apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories...
CVE-2009-1358
apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories...
APT - Repository Signing Bypass via Memory Allocation Failure
APT - Repository Signing Bypass via Memory Allocation Failure Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1020 == Vulnerability == When apt-get updates a repository that uses an InRelease file clearsigned Release files, this file is processed as follows: First, the InRelease...
GnuPG 1.x Detached Signature Verification Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16663/info GnuPG is affected by a detached signature verification-bypass vulnerability because it fails to properly notify scripts that an invalid detached signature was presented and that the verification process has...
CVE-2009-1358
apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories...
Code injection
apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories...
CVE-2009-1358
apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories...
CVE-2009-1358
CVE-2009-1358 affects the Debian/Red Hat apt client: apt-get before 0.7.21 fails to validate the error code from gpgv, causing an otherwise revoked/expired OpenPGP key to be treated as valid and potentially allow installation of malicious repositories. Affected software is the apt package manager...
CVE-2009-1358
apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories...
CVE-2009-1358
apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories...
GLSA-200612-03 : GnuPG: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200612-03 GnuPG: Multiple vulnerabilities Hugh Warrington has reported a boundary error in GnuPG, in the 'askoutfilename' function from openfile.c: the makeprintablestring function could return a string longer than expected...
FreeBSD : gnupg -- false positive signature verification (63fe4189-9f97-11da-ac32-0001020eed82)
Werner Koch reports : The Gentoo project identified a security related bug in GnuPG. When using any current version of GnuPG for unattended signature verification e.g. by scripts and mail programs, false positive signature verification of detached signatures may occur. This problem affects the to...
PnuPG gpgv / gpg invalid return code
Utility returns 0 status code if no signature found...
[SA18845] GnuPG "gpgv" Signature Verification Security Issue
TITLE: GnuPG "gpgv" Signature Verification Security Issue SECUNIA ADVISORY ID: SA18845 VERIFY ADVISORY: http://secunia.com/advisories/18845/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: From remote SOFTWARE: GnuPG / gpg 1.4.x http://secunia.com/product/8087/ GnuPG / gpg 1.0.x...
CVE-2006-0455
gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also...
CVE-2006-0455
gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also...
CVE-2006-0455
CVE-2006-0455 concerns GnuPG’s gpgv tool (and gpg --verify) emitting a false success exit code for malformed or detached signatures. Affects GnuPG prior to 1.4.2.1; the issue can allow automated scripts to falsely assume verification succeeded. The risk is described as a local attack vector with ...
gnupg -- false positive signature verification
Werner Koch reports: The Gentoo project identified a security related bug in GnuPG. When using any current version of GnuPG for unattended signature verification e.g. by scripts and mail programs, false positive signature verification of detached signatures may occur. This problem affects the too...