CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ GnuPG and GnuPG clients unsigned data injection vulnerability Date Published: 2007-03-05 Last Update: 2007-03-05 Advisory ID: CORE-2007-0115 Bugtraq IDs: BID 22757 -...

GnuPG and GnuPG clients unsigned data injection vulnerability

Advisory ID Internal CORE-2007-0115 Date Published: 2007-03-05 Last Update: 2007-03-05 Advisory ID: CORE-2007-0115 Bugtraq IDs: BID 22757 - GnuPG BID 22758 - Enigmail BID 22759 - KMail BID 22760 - Evolution BID 22777 - Sylpheed BID 22778 - Mutt BID 22779 - GNUMail CVE Names: CVE-2007-1263 for the...

Xbox 360 Hypervisor Privilege Escalation Vulnerability

Security Advisory Xbox 360 Hypervisor Privilege Escalation Vulnerability Release Date: February 28, 2007 Author: Anonymous Hacker [email protected] Timeline: Oct 31, 2006 - release of 4532 kernel, which is the first version containing the bug Nov 16, 2006 - proof of concept completed; unsigned...

Integer overflow:attack

Digital Scream January, 2003 Integer overflow: attack Hello! Recently, the number of people involved in IT security has grown significantly. Consequently, there was a breakthrough in the implementation of some attacks... And that is why this article is about a new type of Integer Overflow attack...

FreeBSD-SA-06:25.kmem

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:25.kmem Security Advisory The FreeBSD Project Topic: Kernel memory disclosure in firewire4 Category: core Module: sysdev Announced: 2006-12-06 Credits: Rodrigo...

Multiple FreeBSD kernel integer overflow

Integer overflow and signed/unsigned conversion problems in i386setldt...

[Full-disclosure] RealVNC 4.1.2 minor heap corruption/DoS vulnerability (authentication required)

This vulnerability affects the latest version of RealVNC 4.1.2 on all platforms. It is tested on Windows. To exploit the vulnerability, the attacker must either control a connected and authenticated client connected to a vulnerable VNC server or control a VNC server with at least one vulnerable...

CVE-2006-3463

The EstimateStripByteCounts function in TIFF library libtiff before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via a large tdnstrips value, which triggers an infinite loop...

DSA-1137-1 tiff - several vulnerabilities

Bulletin has no description...

CVE-2006-3253

Cross-site scripting XSS vulnerability in member.php in vBulletin 3.5.x allows remote attackers to inject arbitrary web script or HTML via the u parameter. NOTE: the vendor has disputed this report, stating that they have been unable to replicate the issue and that "the userid parameter is run...

JDK 1.4.2_11, 1.5.0_06, unsigned applets consuming all free harddisk space

Hi y'all, Quite a while ago I was testing with applets and found this by accident. It is definitely not a big issue, but worth to mention, as I discovered that an applet was eating up all the free space on the harddrive by allocating a large file in the users hidden temp dir filename is something...

USN-264-1: gnupg vulnerability

Tavis Ormandy discovered a flaw in gnupg's signature verification. In some cases, certain invalid signature formats could cause gpg to report a 'good signature' result for auxiliary unsigned data which was prepended or appended to the checked message part...

security flaw

gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different...

Fedora Core 4 : gnupg-1.4.2.2-1 (2006-147)

Tavis Ormandy discovered a flaw in the way GnuPG verifies cryptographically signed data with inline signatures. It is possible for an attacker to add unsigned text to a signed message in such a way so that when the signed text is extracted, the unsigned text is extracted as well, appearing as if ...

CVE-2006-0049

gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different...

CVE-2006-0049

gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different...

GnuPG does not detect injection of unsigned data

GnuPG does not detect injection of unsigned data ================================================ released 2006-03-09, CVE-2006-0049 Summary ======= In the aftermath of the false positive signature verfication bug announced 2006-02-15 more thorough testing of the fix has been done and another...

GnuPG unsigned data injection

While decoding non-detached with signature within text messages unsigned data behind signature is invalidely decoded as a part of the messages...

GnuPG does not detect injection of unsigned data

Werner Koch reports: In the aftermath of the false positive signature verfication bug announced 2006-02-15 more thorough testing of the fix has been done and another vulnerability has been detected. This new problem affects the use of gpg for verification of signatures which are not detached...

security flaw

The procfs code procmisc.c in Linux 2.6.14.3 and other versions before 2.6.15 allows attackers to read sensitive kernel memory via unspecified vectors in which a signed value is added to an unsigned value...