Vulnerabilities > CVE-2000-0974 - Unspecified vulnerability in GNU Privacy Guard
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
Nessus
NASL family | Mandriva Local Security Checks |
NASL id | MANDRAKE_MDKSA-2000-063.NASL |
description | A problem exists in all versions of GnuPG prior to and including 1.0.3. Because of this problem, GnuPG may report files which have been signed with multiple keys (one or more of which may be incorrect) to be valid even if one of the signatures is in fact valid. Update : The previous packages announced yesterday were built with i686 instructions and would not run on i586 systems. These packages correct the error. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 61850 |
published | 2012-09-06 |
reporter | This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/61850 |
title | Mandrake Linux Security Advisory : gnupg (MDKSA-2000:063-1) |
code |
|
Redhat
advisories |
|
References
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-038.0.txt
- ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:67.gnupg.asc
- http://archives.neohapsis.com/archives/bugtraq/2000-10/0201.html
- http://archives.neohapsis.com/archives/bugtraq/2000-10/0361.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000334
- http://www.debian.org/security/2000/20001111
- http://www.osvdb.org/1608
- http://www.redhat.com/support/errata/RHSA-2000-089.html
- http://www.securityfocus.com/bid/1797
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5386