CVE-2006-0455
GnuPG 1.x - Detached Signature Verification Bypass
Severity Score
4.6
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".
gpgv en GnuPG en versiones anteriores a 1.4.2.1, cuando se utiliza verificación de firma desatendida, devuelve un código de salida 0 en algunos casos, incluso cuando el archivo de firma acompañante no lleva una firma, esto puede provocar que los programas que usen gpgv asuman que la verificación de la firma ha tenido éxito. Nota: Esto también ocurre cuando se ejecuta el comando equivalente "gpg --verify".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2006-01-27 CVE Reserved
- 2006-02-15 CVE Published
- 2006-02-15 First Exploit
- 2023-05-22 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (35)
| URL | Tag | Source |
|---|---|---|
| http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html | Mailing List | |
| http://marc.info/?l=gnupg-devel&m=113999098729114&w=2 | Mailing List | |
| http://www.osvdb.org/23221 | Vdb Entry | |
| http://www.securityfocus.com/archive/1/425289/100/0/threaded | Mailing List | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24744 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10084 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/27231 | 2006-02-15 | |
| http://www.securityfocus.com/bid/16663 | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/18933 | 2023-11-07 | |
| http://secunia.com/advisories/18934 | 2023-11-07 | |
| http://secunia.com/advisories/18942 | 2023-11-07 | |
| http://secunia.com/advisories/18955 | 2023-11-07 | |
| http://secunia.com/advisories/18956 | 2023-11-07 | |
| http://secunia.com/advisories/18968 | 2023-11-07 | |
| http://www.gentoo.org/security/en/glsa/glsa-200602-10.xml | 2023-11-07 | |
| http://www.novell.com/linux/security/advisories/2006_09_gpg.html | 2023-11-07 | |
| http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.476477 | 2023-11-07 | |
| http://www.us.debian.org/security/2006/dsa-978 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gnu Search vendor "Gnu" | Privacy Guard Search vendor "Gnu" for product "Privacy Guard" | 1.0 Search vendor "Gnu" for product "Privacy Guard" and version "1.0" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Privacy Guard Search vendor "Gnu" for product "Privacy Guard" | 1.0.1 Search vendor "Gnu" for product "Privacy Guard" and version "1.0.1" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Privacy Guard Search vendor "Gnu" for product "Privacy Guard" | 1.0.2 Search vendor "Gnu" for product "Privacy Guard" and version "1.0.2" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Privacy Guard Search vendor "Gnu" for product "Privacy Guard" | 1.0.3 Search vendor "Gnu" for product "Privacy Guard" and version "1.0.3" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Privacy Guard Search vendor "Gnu" for product "Privacy Guard" | 1.0.3b Search vendor "Gnu" for product "Privacy Guard" and version "1.0.3b" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Privacy Guard Search vendor "Gnu" for product "Privacy Guard" | 1.0.4 Search vendor "Gnu" for product "Privacy Guard" and version "1.0.4" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Privacy Guard Search vendor "Gnu" for product "Privacy Guard" | 1.0.5 Search vendor "Gnu" for product "Privacy Guard" and version "1.0.5" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Privacy Guard Search vendor "Gnu" for product "Privacy Guard" | 1.0.6 Search vendor "Gnu" for product "Privacy Guard" and version "1.0.6" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Privacy Guard Search vendor "Gnu" for product "Privacy Guard" | 1.0.7 Search vendor "Gnu" for product "Privacy Guard" and version "1.0.7" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Privacy Guard Search vendor "Gnu" for product "Privacy Guard" | 1.2 Search vendor "Gnu" for product "Privacy Guard" and version "1.2" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Privacy Guard Search vendor "Gnu" for product "Privacy Guard" | 1.2.1 Search vendor "Gnu" for product "Privacy Guard" and version "1.2.1" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Privacy Guard Search vendor "Gnu" for product "Privacy Guard" | 1.2.2 Search vendor "Gnu" for product "Privacy Guard" and version "1.2.2" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Privacy Guard Search vendor "Gnu" for product "Privacy Guard" | 1.2.2 Search vendor "Gnu" for product "Privacy Guard" and version "1.2.2" | rc1 |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Privacy Guard Search vendor "Gnu" for product "Privacy Guard" | 1.2.3 Search vendor "Gnu" for product "Privacy Guard" and version "1.2.3" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Privacy Guard Search vendor "Gnu" for product "Privacy Guard" | 1.2.4 Search vendor "Gnu" for product "Privacy Guard" and version "1.2.4" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Privacy Guard Search vendor "Gnu" for product "Privacy Guard" | 1.2.5 Search vendor "Gnu" for product "Privacy Guard" and version "1.2.5" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Privacy Guard Search vendor "Gnu" for product "Privacy Guard" | 1.2.6 Search vendor "Gnu" for product "Privacy Guard" and version "1.2.6" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Privacy Guard Search vendor "Gnu" for product "Privacy Guard" | 1.2.7 Search vendor "Gnu" for product "Privacy Guard" and version "1.2.7" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Privacy Guard Search vendor "Gnu" for product "Privacy Guard" | 1.3.3 Search vendor "Gnu" for product "Privacy Guard" and version "1.3.3" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Privacy Guard Search vendor "Gnu" for product "Privacy Guard" | 1.3.4 Search vendor "Gnu" for product "Privacy Guard" and version "1.3.4" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Privacy Guard Search vendor "Gnu" for product "Privacy Guard" | 1.4 Search vendor "Gnu" for product "Privacy Guard" and version "1.4" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Privacy Guard Search vendor "Gnu" for product "Privacy Guard" | 1.4.1 Search vendor "Gnu" for product "Privacy Guard" and version "1.4.1" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Privacy Guard Search vendor "Gnu" for product "Privacy Guard" | 1.4.2 Search vendor "Gnu" for product "Privacy Guard" and version "1.4.2" | - |
Affected
| ||||||