CVE - CVE-2006-0455

CVE-ID
CVE-2006-0455	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20060215 False positive signature verification in GnuPG URL:http://www.securityfocus.com/archive/1/425289/100/0/threaded MLIST:[gnupg-devel] 20060215 [Announce] False positive signature verification in GnuPG URL:http://marc.info/?l=gnupg-devel&m=113999098729114&w=2 MLIST:[gnupg-announce] 20060215 False positive signature verification in GnuPG URL:http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html DEBIAN:DSA-978 URL:http://www.us.debian.org/security/2006/dsa-978 FEDORA:FEDORA-2006-116 URL:http://fedoranews.org/updates/FEDORA-2006-116.shtml FEDORA:FLSA-2006:185355 URL:http://www.securityfocus.com/archive/1/433931/100/0/threaded GENTOO:GLSA-200602-10 URL:http://www.gentoo.org/security/en/glsa/glsa-200602-10.xml MANDRIVA:MDKSA-2006:043 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:043 OPENPKG:OpenPKG-SA-2006.001 URL:http://www.openpkg.org/security/OpenPKG-SA-2006.001-gnupg.html REDHAT:RHSA-2006:0266 URL:http://www.redhat.com/support/errata/RHSA-2006-0266.html SGI:20060401-01-U URL:ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U SLACKWARE:SSA:2006-072-02 URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.476477 SUSE:SUSE-SA:2006:009 URL:http://www.novell.com/linux/security/advisories/2006_09_gpg.html SUSE:SUSE-SR:2006:005 URL:http://www.novell.com/linux/security/advisories/2006_05_sr.html SUSE:SUSE-SA:2006:013 URL:http://www.novell.com/linux/security/advisories/2006_13_gpg.html TRUSTIX:2006-0008 URL:http://www.trustix.org/errata/2006/0008 UBUNTU:USN-252-1 URL:http://www.ubuntu.com/usn/usn-252-1 BID:16663 URL:http://www.securityfocus.com/bid/16663 OVAL:oval:org.mitre.oval:def:10084 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10084 VUPEN:ADV-2006-0610 URL:http://www.vupen.com/english/advisories/2006/0610 OSVDB:23221 URL:http://www.osvdb.org/23221 SECUNIA:18845 URL:http://secunia.com/advisories/18845 SECUNIA:18934 URL:http://secunia.com/advisories/18934 SECUNIA:18933 URL:http://secunia.com/advisories/18933 SECUNIA:18942 URL:http://secunia.com/advisories/18942 SECUNIA:18955 URL:http://secunia.com/advisories/18955 SECUNIA:18956 URL:http://secunia.com/advisories/18956 SECUNIA:18968 URL:http://secunia.com/advisories/18968 SECUNIA:19130 URL:http://secunia.com/advisories/19130 SECUNIA:19249 URL:http://secunia.com/advisories/19249 SECUNIA:19532 URL:http://secunia.com/advisories/19532 XF:gnupg-gpgv-improper-verification(24744) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/24744
Assigning CNA
N/A
Date Entry Created
20060127	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060127)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org