CVE-2006-0049
Debian Linux Security Advisory 993-1
Severity Score: 7.5 (CVSS v3)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.
All versions of gnupg prior to 1.4.2.2 do not detect injection of unsigned data. Signature verification of non-detached signatures may give a positive result but when extracting the signed data, this data may be prepended or appended with extra data not covered by the signature. Thus it is possible for an attacker to take any signed message and inject extra arbitrary data.
*Credits:
N/A
Timeline
- 2005-12-28 CVE Reserved
- 2006-03-11 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
References (33)
URL | Tag | Source |
---|---|---|
http://secunia.com/advisories/19197 | Third Party Advisory | |
http://secunia.com/advisories/19203 | Third Party Advisory | |
http://secunia.com/advisories/19231 | Third Party Advisory | |
http://secunia.com/advisories/19232 | Third Party Advisory | |
http://secunia.com/advisories/19234 | Third Party Advisory | |
http://secunia.com/advisories/19244 | Third Party Advisory | |
http://secunia.com/advisories/19249 | Third Party Advisory | |
http://secunia.com/advisories/19287 | Third Party Advisory | |
http://secunia.com/advisories/19532 | Third Party Advisory | |
http://securityreason.com/securityalert/450 | Third Party Advisory | |
http://securityreason.com/securityalert/568 | Third Party Advisory | |
http://www.securityfocus.com/archive/1/427324/100/0/threaded | Mailing List | |
http://www.vupen.com/english/advisories/2006/0915 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/25184 | Vdb Entry | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10063 | Signature | |
URL | Date | SRC |
---|---|---|
http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html | 2018-10-19 | |
http://secunia.com/advisories/19173 | 2018-10-19 | |
http://securitytracker.com/id?1015749 | 2018-10-19 | |
http://www.debian.org/security/2006/dsa-993 | 2018-10-19 | |
http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml | 2018-10-19 | |
http://www.osvdb.org/23790 | 2018-10-19 | |
http://www.securityfocus.com/bid/17058 | 2018-10-19 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Gnu | Privacy Guard | 1.0 | - | Affected |
Gnu | Privacy Guard | 1.0.1 | - | Affected |
Gnu | Privacy Guard | 1.0.2 | - | Affected |
Gnu | Privacy Guard | 1.0.3 | - | Affected |
Gnu | Privacy Guard | 1.0.3b | - | Affected |
Gnu | Privacy Guard | 1.0.4 | - | Affected |
Gnu | Privacy Guard | 1.0.5 | - | Affected |
Gnu | Privacy Guard | 1.0.6 | - | Affected |
Gnu | Privacy Guard | 1.0.7 | - | Affected |
Gnu | Privacy Guard | 1.2 | - | Affected |
Gnu | Privacy Guard | 1.2.1 | - | Affected |
Gnu | Privacy Guard | 1.2.2 | - | Affected |
Gnu | Privacy Guard | 1.2.2 | rc1 | Affected |
Gnu | Privacy Guard | 1.2.3 | - | Affected |
Gnu | Privacy Guard | 1.2.4 | - | Affected |
Gnu | Privacy Guard | 1.2.5 | - | Affected |
Gnu | Privacy Guard | 1.2.6 | - | Affected |
Gnu | Privacy Guard | 1.2.7 | - | Affected |
Gnu | Privacy Guard | 1.3.3 | - | Affected |
Gnu | Privacy Guard | 1.3.4 | - | Affected |
Gnu | Privacy Guard | 1.4 | - | Affected |
Gnu | Privacy Guard | 1.4.1 | - | Affected |
Gnu | Privacy Guard | 1.4.2 | - | Affected |
Gnu | Privacy Guard | 1.4.2.1 | - | Affected |