CVE-2006-0455
published 2006-02-15CVE-2006-0455: gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does…
PriorityP416medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EXPLOIT
EPSS
1.33%
67.5th percentile
gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gnupg2 | — | — |
| gnu | privacy_guard | — | — |
| gnu | privacy_guard | — | — |
| gnu | privacy_guard | — | — |
| gnu | privacy_guard | — | — |
| gnu | privacy_guard | — | — |
| gnu | privacy_guard | — | — |
| gnu | privacy_guard | — | — |
| gnu | privacy_guard | — | — |
| gnu | privacy_guard | — | — |
| gnu | privacy_guard | — | — |
| gnu | privacy_guard | — | — |
| gnu | privacy_guard | — | — |
| gnu | privacy_guard | — | — |
| gnu | privacy_guard | — | — |
| gnu | privacy_guard | — | — |
| gnu | privacy_guard | — | — |
| gnu | privacy_guard | — | — |
| gnu | privacy_guard | — | — |
| gnu | privacy_guard | — | — |
| gnu | privacy_guard | — | — |
| gnu | privacy_guard | — | — |
| gnu | privacy_guard | — | — |
| gnu | privacy_guard | — | — |
CVSS provenance
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
vendor_debian5.0LOW
vendor_redhat5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
security flaw
vendor_redhat·2006-03-09·CVSS 5.0
CVE-2006-0049 [MEDIUM] security flaw
security flaw
gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.
Ubuntu
gnupg vulnerability
vendor_ubuntu·2006-02-18
CVE-2006-0455 gnupg vulnerability
Title: gnupg vulnerability
Summary: gnupg vulnerability
Tavis Ormandy discovered a potential weakness in the signature
verification of gnupg. gpgv and gpg --verify returned a successful
exit code even if the checked file did not have any signature at all.
The recommended way of checking the result is to evaluate the status
messages, but some third party applications might just check the exit
code for determining whether or not a signature is valid. These
applications could be tricked into erroneously reporting a valid
signature.
Please note that this does not affect the Ubuntu package signature
checks.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
security flaw
vendor_redhat·2006-02-15·CVSS 4.6
CVE-2006-0455 [MEDIUM] security flaw
security flaw
gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".
Debian
CVE-2006-0049: gnupg2 - gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, wh...
vendor_debian·2006·CVSS 5.0
CVE-2006-0049 [MEDIUM] CVE-2006-0049: gnupg2 - gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, wh...
gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
Debian
CVE-2006-0455: gnupg2 - gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, retu...
vendor_debian·2006·CVSS 4.6
CVE-2006-0455 [MEDIUM] CVE-2006-0455: gnupg2 - gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, retu...
gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-c5p7-4hq8-gm4c: gpg in GnuPG before 1
ghsa_unreviewed·2022-05-03·CVSS 4.6
CVE-2006-0049 [MEDIUM] GHSA-c5p7-4hq8-gm4c: gpg in GnuPG before 1
gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.
GHSA
GHSA-575c-cp7m-ghgh: gpgv in GnuPG before 1
ghsa_unreviewed·2022-05-03
CVE-2006-0455 [MEDIUM] GHSA-575c-cp7m-ghgh: gpgv in GnuPG before 1
gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".
No detection rules found.
Bugzilla
CVE-2006-0455 security flaw
bugzilla·2018-08-16·CVSS 4.6
CVE-2006-0455 [MEDIUM] CVE-2006-0455 security flaw
CVE-2006-0455 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".
Bugzilla
CVE-2006-0049 security flaw
bugzilla·2018-08-16·CVSS 5.0
CVE-2006-0049 [MEDIUM] CVE-2006-0049 security flaw
CVE-2006-0049 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.
Bugzilla
CVE-2006-0049, CVE-2006-0455 GnuPG signature verification bugs
bugzilla·2006-03-13·CVSS 5.0
CVE-2006-0049 [MEDIUM] CVE-2006-0049, CVE-2006-0455 GnuPG signature verification bugs
CVE-2006-0049, CVE-2006-0455 GnuPG signature verification bugs
From the official GnuPG advisory:
"Signature verification of non-detached signatures may give a positive result
but when extracting the signed data, this data may be prepended or appended with
extra data not covered by the signature. Thus it is possible for an attacker to
take any signed message and inject extra arbitrary data."
All versions :
"What does this discovery mean to OpenPGP users?
"If you use an OpenPGP-based program such as PGP® solutions, Gnu Privacy Guard,
or Hushmail to encrypt and decrypt emails or files, Mister's and Zuccherato's
discovery does not affect you. ...
"We know of no real-world application that is affected by this type of attack.
It is an attack that requires the active participation of someon
Bugzilla
CVE-2006-0455 gpg will quietly exit when attempting to verify a malformed message
bugzilla·2006-03-03·CVSS 4.6
CVE-2006-0455 [MEDIUM] CVE-2006-0455 gpg will quietly exit when attempting to verify a malformed message
CVE-2006-0455 gpg will quietly exit when attempting to verify a malformed message
+++ This bug was initially created as a clone of Bug #183484 +++
+++ This bug was initially created as a clone of Bug #181822 +++
The Gentoo project identified a security related bug in GnuPG. When
using any current version of GnuPG for unattended signature
verification (e.g. by scripts and mail programs), false positive
signature verification of detached signatures may occur.
This is primarily an issue since gpg return 0 on what should be a failure. This
will break automated scripts.
http://marc.theaimsgroup.com/?l=gnupg-devel&m=113999098729114&w=2
A reproducer for RHEL can be found here:
http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html
(The Background section near the bottom)
This
Bugzilla
CVE-2006-0455 gpg will quietly exit when attempting to verify a malformed message
bugzilla·2006-03-01·CVSS 4.6
CVE-2006-0455 [MEDIUM] CVE-2006-0455 gpg will quietly exit when attempting to verify a malformed message
CVE-2006-0455 gpg will quietly exit when attempting to verify a malformed message
+++ This bug was initially created as a clone of Bug #181822 +++
The Gentoo project identified a security related bug in GnuPG. When
using any current version of GnuPG for unattended signature
verification (e.g. by scripts and mail programs), false positive
signature verification of detached signatures may occur.
This is primarily an issue since gpg return 0 on what should be a failure. This
will break automated scripts.
http://marc.theaimsgroup.com/?l=gnupg-devel&m=113999098729114&w=2
A reproducer for RHEL can be found here:
http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html
(The Background section near the bottom)
This issue also affects RHEL2.1 and RHEL3
Discussion:
An advisory has
Bugzilla
CVE-2006-0455 gpg will quietly exit when attempting to verify a malformed message
bugzilla·2006-02-16·CVSS 4.6
CVE-2006-0455 [MEDIUM] CVE-2006-0455 gpg will quietly exit when attempting to verify a malformed message
CVE-2006-0455 gpg will quietly exit when attempting to verify a malformed message
The Gentoo project identified a security related bug in GnuPG. When
using any current version of GnuPG for unattended signature
verification (e.g. by scripts and mail programs), false positive
signature verification of detached signatures may occur.
This is primarily an issue since gpg return 0 on what should be a failure. This
will break automated scripts.
http://marc.theaimsgroup.com/?l=gnupg-devel&m=113999098729114&w=2
Discussion:
From User-Agent: XML-RPC
gnupg-1.4.2.1-1 has been pushed for FC4, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.
ftp://patches.sgi.com/support/free/security/advisories/20060401-01-Uhttp://fedoranews.org/updates/FEDORA-2006-116.shtmlhttp://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.htmlhttp://marc.info/?l=gnupg-devel&m=113999098729114&w=2http://secunia.com/advisories/18845http://secunia.com/advisories/18933http://secunia.com/advisories/18934http://secunia.com/advisories/18942http://secunia.com/advisories/18955http://secunia.com/advisories/18956http://secunia.com/advisories/18968http://secunia.com/advisories/19130http://secunia.com/advisories/19249http://secunia.com/advisories/19532http://www.gentoo.org/security/en/glsa/glsa-200602-10.xmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:043http://www.novell.com/linux/security/advisories/2006_05_sr.htmlhttp://www.novell.com/linux/security/advisories/2006_09_gpg.htmlhttp://www.novell.com/linux/security/advisories/2006_13_gpg.htmlhttp://www.openpkg.org/security/OpenPKG-SA-2006.001-gnupg.htmlhttp://www.osvdb.org/23221http://www.redhat.com/support/errata/RHSA-2006-0266.htmlhttp://www.securityfocus.com/archive/1/425289/100/0/threadedhttp://www.securityfocus.com/archive/1/433931/100/0/threadedhttp://www.securityfocus.com/bid/16663http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.476477http://www.trustix.org/errata/2006/0008http://www.ubuntu.com/usn/usn-252-1http://www.us.debian.org/security/2006/dsa-978http://www.vupen.com/english/advisories/2006/0610https://exchange.xforce.ibmcloud.com/vulnerabilities/24744https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10084ftp://patches.sgi.com/support/free/security/advisories/20060401-01-Uhttp://fedoranews.org/updates/FEDORA-2006-116.shtmlhttp://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.htmlhttp://marc.info/?l=gnupg-devel&m=113999098729114&w=2http://secunia.com/advisories/18845http://secunia.com/advisories/18933http://secunia.com/advisories/18934http://secunia.com/advisories/18942http://secunia.com/advisories/18955http://secunia.com/advisories/18956http://secunia.com/advisories/18968http://secunia.com/advisories/19130http://secunia.com/advisories/19249http://secunia.com/advisories/19532http://www.gentoo.org/security/en/glsa/glsa-200602-10.xmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:043http://www.novell.com/linux/security/advisories/2006_05_sr.htmlhttp://www.novell.com/linux/security/advisories/2006_09_gpg.htmlhttp://www.novell.com/linux/security/advisories/2006_13_gpg.htmlhttp://www.openpkg.org/security/OpenPKG-SA-2006.001-gnupg.htmlhttp://www.osvdb.org/23221http://www.redhat.com/support/errata/RHSA-2006-0266.htmlhttp://www.securityfocus.com/archive/1/425289/100/0/threadedhttp://www.securityfocus.com/archive/1/433931/100/0/threadedhttp://www.securityfocus.com/bid/16663http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.476477http://www.trustix.org/errata/2006/0008http://www.ubuntu.com/usn/usn-252-1http://www.us.debian.org/security/2006/dsa-978http://www.vupen.com/english/advisories/2006/0610https://exchange.xforce.ibmcloud.com/vulnerabilities/24744https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10084
2006-02-15
Published