CVE-2006-0455
CVE-2006-0455
gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".
Produtos afetados
n/a · n/aPoCs públicas encontradas — 1
exploitdbwww.exploit-db.com/exploits/27231não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
ftp://patches.sgi.com/support/free/security/advisories/20060401-01-Uhttp://fedoranews.org/updates/FEDORA-2006-116.shtmlhttp://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.htmlhttp://marc.info/?l=gnupg-devel&m=113999098729114&w=2http://secunia.com/advisories/18845http://secunia.com/advisories/18933http://secunia.com/advisories/18934http://secunia.com/advisories/18942http://secunia.com/advisories/18955http://secunia.com/advisories/18956http://secunia.com/advisories/18968http://secunia.com/advisories/19130