
GnuPG Detached Signature Verification Bypass Vulnerability

An exploit is not required.

An example demonstrating this issue was provided:

fortune >x.txt
perl -e 'print "\xca"x"64"' >x.txt.sig
gpgv x.txt.sig x.txt
echo $?

This creates a file and an obviously invalid detached signature file for it. 'gpgv' nevertheless reports the file as successfully validated: its exit status is '0'.
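A defensive check for scripts that call 'gpgv', added here as an example and not part of the original advisory: because the exit status alone reported success for a bogus signature, the helper below also requires an explicit VALIDSIG line in gpgv's `--status-fd` output. The function names, the keyring argument and the sample status lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: accept a detached signature only when gpgv both exits 0
# and emits an explicit VALIDSIG status line.

# Read "gpgv --status-fd" output on stdin. Succeed only if exactly one
# VALIDSIG line is present and no failure status appears.
status_is_valid() {
    awk '
        $1 != "[GNUPG:]" { next }
        $2 == "VALIDSIG" { valid++ }
        $2 ~ /^(BADSIG|ERRSIG|NODATA|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad++ }
        END { exit !(valid == 1 && bad == 0) }
    '
}

# verify_detached SIG FILE KEYRING  (hypothetical helper name)
# Status lines go to stdout (fd 1); human-readable messages are discarded.
verify_detached() {
    status=$(gpgv --keyring "$3" --status-fd 1 "$1" "$2" 2>/dev/null) || return 1
    printf '%s\n' "$status" | status_is_valid
}

# Constructed sample status output (not captured from a real run).
SAMPLE_GOOD='[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Signer <signer@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2006-02-15 1139961600 0 3 0 17 2 00 0123456789ABCDEF0123456789ABCDEF01234567'
SAMPLE_NONE=''                      # exit 0 but no signature was checked
SAMPLE_NODATA='[GNUPG:] NODATA 4'   # signature expected but not found
SAMPLE_MIXED="$SAMPLE_GOOD
[GNUPG:] BADSIG 89ABCDEF01234567 Constructed Signer <signer@example.org>"
```

Call it as `verify_detached x.txt.sig x.txt KEYRING`, where KEYRING is the path to the trusted public keyring.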







 

Copyright 2009, SecurityFocus