GnuPG Detached Signature Verification Bypass Vulnerability

Bugtraq ID: 16663
Class: Design Error
CVE: CVE-2006-0455
Remote: Yes
Local: Yes
Published: Feb 15 2006 12:00AM
Updated: Dec 22 2006 12:04AM
Credit: taviso from the Gentoo project discovered this issue and reported it to the vendor.
Vulnerable: Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SGI ProPack 3.0 SP6
S.u.S.E. UnitedLinux 1.0
S.u.S.E. tomboy 10.0
S.u.S.E. Open-Enterprise-Server 1
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Novell Linux Desktop 1.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. liferea 10.0
S.u.S.E. blam 10.0
S.u.S.E. blam 9.3
S.u.S.E. beagle 10.0
S.u.S.E. beagle 9.3
S.u.S.E. banshee 10.0
RedHat Linux 9.0 i386
RedHat Linux 7.3 i386
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Fedora Core4
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
OpenPKG OpenPKG 2.5
OpenPKG OpenPKG 2.4
OpenPKG OpenPKG 2.3
OpenPKG OpenPKG Current
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
GNU PG 1.2.6
GNU GNU Privacy Guard 1.4.2
GNU GNU Privacy Guard 1.4.1
GNU GNU Privacy Guard 1.4
GNU GNU Privacy Guard 1.3.4
GNU GNU Privacy Guard 1.3.3
GNU GNU Privacy Guard 1.2.7
GNU GNU Privacy Guard 1.2.6
GNU GNU Privacy Guard 1.2.5
GNU GNU Privacy Guard 1.2.4
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
GNU GNU Privacy Guard 1.2.3
+ Conectiva Linux 9.0
+ Mandriva Linux Mandrake 9.2
+ Turbolinux Turbolinux Desktop 10.0
GNU GNU Privacy Guard 1.2.2 -rc1
+ S.u.S.E. Linux Personal 8.2
GNU GNU Privacy Guard 1.2.2 -r1
+ Gentoo Linux 1.4 _rc3
+ Gentoo Linux 1.4 _rc2
+ Gentoo Linux 1.4 _rc1
GNU GNU Privacy Guard 1.2.2
GNU GNU Privacy Guard 1.2.1
+ Conectiva Linux 9.0
+ OpenPKG OpenPKG 1.2
+ RedHat Linux 9.0 i386
+ Terra Soft Solutions Yellow Dog Linux 3.0
GNU GNU Privacy Guard 1.2
GNU GNU Privacy Guard 1.0.7
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ MandrakeSoft apcupsd 2006.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ OpenPKG OpenPKG 1.1
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux 8.0 i386
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 i386
+ RedHat Linux Advanced Work Station 2.1
+ Sun Linux 5.0.5
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Server 6.5
+ Turbolinux Turbolinux Server 6.1
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
+ Turbolinux Turbolinux Workstation 6.0
GNU GNU Privacy Guard 1.0.6
GNU GNU Privacy Guard 1.0.5
GNU GNU Privacy Guard 1.0.4
- Turbolinux Turbolinux 6.0.5
- Turbolinux Turbolinux Server 6.5
- Turbolinux Turbolinux Workstation 6.1
GNU GNU Privacy Guard 1.0.3 b
GNU GNU Privacy Guard 1.0.3
GNU GNU Privacy Guard 1.0.2
GNU GNU Privacy Guard 1.0.1
GNU GNU Privacy Guard 1.0 .6
- MandrakeSoft Corporate Server 1.0.1
- Mandriva Linux Mandrake 8.1
- Mandriva Linux Mandrake 8.0 ppc
- Mandriva Linux Mandrake 8.0
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.1
GNU GNU Privacy Guard 1.0
GNU finger 1.0.7
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Not Vulnerable: GNU GNU Privacy Guard 1.4.2 .1


 

Privacy Statement
Copyright 2010, SecurityFocus