CVE-2007-1263

GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
http://fedoranews.org/cms/node/2775
http://fedoranews.org/cms/node/2776
http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0008.html
http://secunia.com/advisories/24365
http://secunia.com/advisories/24407
http://secunia.com/advisories/24419
http://secunia.com/advisories/24420
http://secunia.com/advisories/24438
http://secunia.com/advisories/24489
http://secunia.com/advisories/24511
http://secunia.com/advisories/24544
http://secunia.com/advisories/24650
http://secunia.com/advisories/24734
http://secunia.com/advisories/24875
http://securityreason.com/securityalert/2353
http://support.avaya.com/elmodocs2/security/ASA-2007-144.htm
http://www.coresecurity.com/?action=item&id=1687	Patch Vendor Advisory
http://www.debian.org/security/2007/dsa-1266
http://www.mandriva.com/security/advisories?name=MDKSA-2007:059
http://www.redhat.com/support/errata/RHSA-2007-0106.html
http://www.redhat.com/support/errata/RHSA-2007-0107.html
http://www.securityfocus.com/archive/1/461958/100/0/threaded
http://www.securityfocus.com/archive/1/461958/30/7710/threaded
http://www.securityfocus.com/bid/22757
http://www.securitytracker.com/id?1017727
http://www.trustix.org/errata/2007/0009/
http://www.ubuntu.com/usn/usn-432-1
http://www.ubuntu.com/usn/usn-432-2
http://www.vupen.com/english/advisories/2007/0835
https://issues.rpath.com/browse/RPL-1111
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10496
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
http://fedoranews.org/cms/node/2775
http://fedoranews.org/cms/node/2776
http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0008.html
http://secunia.com/advisories/24365
http://secunia.com/advisories/24407
http://secunia.com/advisories/24419
http://secunia.com/advisories/24420
http://secunia.com/advisories/24438
http://secunia.com/advisories/24489
http://secunia.com/advisories/24511
http://secunia.com/advisories/24544
http://secunia.com/advisories/24650
http://secunia.com/advisories/24734
http://secunia.com/advisories/24875
http://securityreason.com/securityalert/2353
http://support.avaya.com/elmodocs2/security/ASA-2007-144.htm
http://www.coresecurity.com/?action=item&id=1687	Patch Vendor Advisory
http://www.debian.org/security/2007/dsa-1266
http://www.mandriva.com/security/advisories?name=MDKSA-2007:059
http://www.redhat.com/support/errata/RHSA-2007-0106.html
http://www.redhat.com/support/errata/RHSA-2007-0107.html
http://www.securityfocus.com/archive/1/461958/100/0/threaded
http://www.securityfocus.com/archive/1/461958/30/7710/threaded
http://www.securityfocus.com/bid/22757
http://www.securitytracker.com/id?1017727
http://www.trustix.org/errata/2007/0009/
http://www.ubuntu.com/usn/usn-432-1
http://www.ubuntu.com/usn/usn-432-2
http://www.vupen.com/english/advisories/2007/0835
https://issues.rpath.com/browse/RPL-1111
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10496

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gnu:gpgme::::::::
	cpe:2.3:a:gnupg:gnupg::::::::

History

21 Nov 2024, 00:27

Information

Published : 2007-03-06 20:19

Updated : 2025-04-09 00:30

NVD link : CVE-2007-1263

Mitre link : CVE-2007-1263

CVE.ORG link : CVE-2007-1263

JSON object : View

Products Affected

gnupg

gnupg

gnu

gpgme

CWE

NVD-CWE-Other

{"id": "CVE-2007-1263", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-03-06T20:19:00.000", "references": [{"url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc", "source": "cve@mitre.org"}, {"url": "http://fedoranews.org/cms/node/2775", "source": "cve@mitre.org"}, {"url": "http://fedoranews.org/cms/node/2776", "source": "cve@mitre.org"}, {"url": "http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html", "source": "cve@mitre.org"}, {"url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0008.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24365", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24407", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24419", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24420", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24438", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24489", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24511", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24544", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24650", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24734", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24875", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/2353", "source": "cve@mitre.org"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-144.htm", "source": "cve@mitre.org"}, {"url": "http://www.coresecurity.com/?action=item&id=1687", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2007/dsa-1266", "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:059", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0106.html", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0107.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/461958/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/461958/30/7710/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/22757", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1017727", "source": "cve@mitre.org"}, {"url": "http://www.trustix.org/errata/2007/0009/", "source": "cve@mitre.org"}, {"url": "http://www.ubuntu.com/usn/usn-432-1", "source": "cve@mitre.org"}, {"url": "http://www.ubuntu.com/usn/usn-432-2", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/0835", "source": "cve@mitre.org"}, {"url": "https://issues.rpath.com/browse/RPL-1111", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10496", "source": "cve@mitre.org"}, {"url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://fedoranews.org/cms/node/2775", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://fedoranews.org/cms/node/2776", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0008.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24365", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24407", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24419", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24420", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24438", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24489", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24511", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24544", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24650", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24734", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24875", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/2353", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-144.htm", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.coresecurity.com/?action=item&id=1687", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2007/dsa-1266", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:059", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0106.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0107.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/461958/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/461958/30/7710/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/22757", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1017727", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.trustix.org/errata/2007/0009/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/usn-432-1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/usn-432-2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/0835", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://issues.rpath.com/browse/RPL-1111", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10496", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection."}, {"lang": "es", "value": "GnuPG 1.4.6 y anteriores y GPGME anterior a 1.1.4, al ser ejecutado desde la l\u00ednea de comandos, no distingue visualmente trozos firmados de no firmados en mensajes OpenPGP con m\u00faltiples componentes, lo cual podr\u00eda permitir a atacantes remotos falsificar el contenido de un mensaje sin ser detectado."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:gpgme:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA56B122-75BE-4872-859B-13FDCA2DC641", "versionEndIncluding": "1.1.3"}, {"criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "804DFC99-270C-41FD-9D03-53FA501F382A", "versionEndIncluding": "1.4.6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

5.0 /10