Vulnerabilities > CVE-2007-1263

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
gnu
gnupg
nessus
exploit available

Summary

GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, do not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.

Vulnerable Configurations

Part Description Count
Application
Gnu
2
Application
Gnupg
89

Exploit-Db

descriptionGnuPG 1.x Signed Message Arbitrary Content Injection Weakness. CVE-2007-1263. Remote exploit for linux platform
idEDB-ID:29689
last seen2016-02-03
modified2007-03-05
published2007-03-05
reporterGerardo Richarte
sourcehttps://www.exploit-db.com/download/29689/
titleGnuPG 1.x Signed Message Arbitrary Content Injection Weakness

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-315.NASL
    descriptionThis updates GnuPG to version 1.4.7, changing the default behavior so that gnupg now flags message streams which contain multiple plaintexts as an error. This prevents errors which would occur when applications which called gnupg assumed that this was already the default behavior. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id24821
    published2007-03-16
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24821
    titleFedora Core 6 : gnupg-1.4.7-2 (2007-315)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2007-315.
    #
    
    include("compat.inc");
    
    # Registration branch: taken when the engine loads the plugin with
    # `description` set. Only metadata is declared here; the exit(0) at the
    # end returns before any host data is read.
    if (description)
    {
      script_id(24821);
      script_version ("1.12");
      script_cvs_date("Date: 2019/08/02 13:32:25");
    
      # Cross-references: the CVE and the Fedora advisory this check is based on.
      script_cve_id("CVE-2007-1263");
      script_xref(name:"FEDORA", value:"2007-315");
    
      script_name(english:"Fedora Core 6 : gnupg-1.4.7-2 (2007-315)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      # Advisory text shown in the report. It describes the fix (multiple
      # plaintexts in one message stream are now flagged as an error) rather
      # than the weakness itself.
      script_set_attribute(
        attribute:"description", 
        value:
    "This updates GnuPG to version 1.4.7, changing the default behavior so
    that gnupg now flags message streams which contain multiple plaintexts
    as an error. This prevents errors which would occur when applications
    which called gnupg assumed that this was already the default behavior.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # Presumably the advisory that the shortened see_also link resolves to:
      # https://lists.fedoraproject.org/pipermail/package-announce/2007-March/001553.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6df9da4a"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected gnupg and / or gnupg-debuginfo packages."
      );
      # CVSS v2 base vector: network access, low complexity, no authentication,
      # partial integrity impact, no confidentiality or availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
    
      # "local": the verdict comes from package data collected on the host
      # (see the required KB keys below), not from a network probe.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # CPE entries: the two packages compared below and the Fedora Core 6 platform.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gnupg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gnupg-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:6");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/03/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/03/16");
      script_end_attributes();
    
      # ACT_GATHER_INFO places the script in the information-gathering category.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # ssh_get_info.nasl is declared as a dependency. The required KB keys are
      # read by the check that follows; "Host/cpu" is read there as well but is
      # not listed here.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Preconditions. Each audit() call (audit.inc) is expected to end the script
    # with the given reason, so the order of these guards matters.

    # Nothing to evaluate unless local checks are enabled for this host.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # `>!<` is "substring not found": stop when the release string does not mention Fedora.
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    # Capture the numeric release; element [1] is the first capture group.
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    # Accept release 6 only; the trailing group keeps values such as 60 from matching.
    if (! ereg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 6.x", "Fedora " + os_ver);
    
    # The package comparison needs the collected rpm list.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # "Host/cpu" is not among the script_require_keys entries, so a missing
    # value is handled here. Only x86_64 and i386-i686 hosts are evaluated.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # Compare the installed packages against the fixed Fedora Core 6 builds.
    # NOTE(review): rpm_check() comes from rpm.inc; it presumably returns true
    # when the installed package is older than the reference - confirm there.
    # A version comparison only shows that the update is installed. The advisory
    # text above places the problem in applications that call gnupg and assume
    # multiple plaintexts are rejected; how those callers invoke gnupg is not
    # examined by this check.
    flag = 0;
    if (rpm_check(release:"FC6", reference:"gnupg-1.4.7-2")) flag++;
    if (rpm_check(release:"FC6", reference:"gnupg-debuginfo-1.4.7-2")) flag++;
    
    
    if (flag)
    {
      # At least one package is flagged: raise a warning-level finding and
      # attach the package report when report verbosity allows it.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # Nothing flagged: record whether the packages were tested and found
      # unaffected, or were not installed at all.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnupg / gnupg-debuginfo");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0106.NASL
    descriptionUpdated GnuPG packages that fix a security issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. GnuPG is a utility for encrypting data and creating digital signatures. Gerardo Richarte discovered that a number of applications that make use of GnuPG are prone to a vulnerability involving incorrect verification of signatures and encryption. An attacker could add arbitrary content to a signed message in such a way that a receiver of the message would not be able to distinguish between the properly signed parts of a message and the forged, unsigned, parts. (CVE-2007-1263) Whilst this is not a vulnerability in GnuPG itself, the GnuPG team have produced a patch to protect against messages with multiple plaintext packets. Users should update to these erratum packages which contain the backported patch for this issue. Red Hat would like to thank Core Security Technologies for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id24775
    published2007-03-06
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/24775
    titleRHEL 2.1 / 3 / 4 : gnupg (RHSA-2007:0106)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2007:0106. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: taken when the engine loads the plugin with
    # `description` set. Only metadata is declared here; the exit(0) at the
    # end returns before any host data is read.
    if (description)
    {
      script_id(24775);
      script_version ("1.23");
      script_cvs_date("Date: 2019/10/25 13:36:12");
    
      # Cross-references: CVE, Bugtraq ID and the Red Hat advisory.
      script_cve_id("CVE-2007-1263");
      script_bugtraq_id(22757);
      script_xref(name:"RHSA", value:"2007:0106");
    
      script_name(english:"RHEL 2.1 / 3 / 4 : gnupg (RHSA-2007:0106)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      # Advisory text shown in the report. Note its own framing: the weakness is
      # attributed to applications that use GnuPG, and the patch makes GnuPG
      # guard against messages with multiple plaintext packets.
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated GnuPG packages that fix a security issue are now available.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    GnuPG is a utility for encrypting data and creating digital
    signatures.
    
    Gerardo Richarte discovered that a number of applications that make
    use of GnuPG are prone to a vulnerability involving incorrect
    verification of signatures and encryption. An attacker could add
    arbitrary content to a signed message in such a way that a receiver of
    the message would not be able to distinguish between the properly
    signed parts of a message and the forged, unsigned, parts.
    (CVE-2007-1263)
    
    Whilst this is not a vulnerability in GnuPG itself, the GnuPG team
    have produced a patch to protect against messages with multiple
    plaintext packets. Users should update to these erratum packages which
    contain the backported patch for this issue.
    
    Red Hat would like to thank Core Security Technologies for reporting
    this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-1263"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2007:0106"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gnupg package.");
      # CVSS v2 base vector: network access, low complexity, no authentication,
      # partial integrity impact, no confidentiality or availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      # CVSS v2 temporal vector: proof-of-concept exploit code, official fix
      # available, report confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      # "local": the verdict comes from package data collected on the host
      # (see the required KB keys below), not from a network probe.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # CPE entries: the gnupg package and the three RHEL releases covered.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gnupg");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/03/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/03/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      # ACT_GATHER_INFO places the script in the information-gathering category.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      # ssh_get_info.nasl is declared as a dependency; the required KB keys are
      # the ones the check reads. "Host/RedHat/yum-updateinfo" is read too but
      # is optional, so it is not listed.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    # Preconditions. Each audit() call (audit.inc) is expected to end the script
    # with the given reason, so the order of these guards matters.

    # Nothing to evaluate unless local checks are enabled for this host.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # `>!<` is "substring not found": stop when the release string does not mention Red Hat.
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    # Capture the release number, with an optional minor part (e.g. "2.1");
    # element [1] is the first capture group.
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    # Accept 2.1, 3.x and 4.x only; the trailing group keeps values such as 40 from matching.
    if (! preg(pattern:"^(2\.1|3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x / 4.x", "Red Hat " + os_ver);
    
    # The package comparison needs the collected rpm list.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only x86_64, i386-i686 and s390 hosts are evaluated.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    # Two evaluation paths. When yum updateinfo data is present in the KB it is
    # authoritative: the rpm version comparison in the else branch runs only
    # when that data is absent.
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2007:0106";
      # NOTE(review): the helper is defined in an included library; it
      # presumably returns report text when the yum data lists this advisory
      # as outstanding - confirm against the library.
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        # No report for this advisory: audit out as not affected. There is no
        # fall-through to rpm_check() on this path.
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      # Compare the installed gnupg against the fixed build for each release.
      # NOTE(review): rpm_check() comes from rpm.inc; it presumably returns true
      # when the installed package is older than the reference - confirm there.
      flag = 0;
      # The RHEL 2.1 reference is restricted to i386.
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"gnupg-1.0.7-21")) flag++;
    
      if (rpm_check(release:"RHEL3", reference:"gnupg-1.2.1-20")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"gnupg-1.2.6-9")) flag++;
    
      if (flag)
      {
        # Warning-level finding carrying the package report plus the Red Hat
        # package caveat text.
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        # Nothing flagged: record whether gnupg was tested and found
        # unaffected, or was not installed at all.
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnupg");
      }
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-0107.NASL
    descriptionFrom Red Hat Security Advisory 2007:0107 : Updated GnuPG packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. GnuPG is a utility for encrypting data and creating digital signatures. Gerardo Richarte discovered that a number of applications that make use of GnuPG are prone to a vulnerability involving incorrect verification of signatures and encryption. An attacker could add arbitrary content to a signed message in such a way that a receiver of the message would not be able to distinguish between the properly signed parts of a message and the forged, unsigned, parts. (CVE-2007-1263) Whilst this is not a vulnerability in GnuPG itself, the GnuPG team have produced a patch to protect against messages with multiple plaintext packets. Users should update to these erratum packages which contain the backported patch for this issue. Red Hat would like to thank Core Security Technologies for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id67460
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67460
    titleOracle Linux 5 : gnupg (ELSA-2007-0107)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2007:0107 and 
    # Oracle Linux Security Advisory ELSA-2007-0107 respectively.
    #
    
    include("compat.inc");
    
    # Registration branch: taken when the engine loads the plugin with
    # `description` set. Only metadata is declared here; the exit(0) at the
    # end returns before any host data is read.
    if (description)
    {
      script_id(67460);
      script_version("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:06");
    
      # Cross-references: CVE, Bugtraq ID and the upstream Red Hat advisory.
      script_cve_id("CVE-2007-1263");
      script_bugtraq_id(22757);
      script_xref(name:"RHSA", value:"2007:0107");
    
      script_name(english:"Oracle Linux 5 : gnupg (ELSA-2007-0107)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing a security update."
      );
      # Advisory text shown in the report, quoted from the Red Hat advisory.
      # Note its own framing: the weakness is attributed to applications that
      # use GnuPG, and the patch makes GnuPG guard against messages with
      # multiple plaintext packets.
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2007:0107 :
    
    Updated GnuPG packages that fix a security issue are now available for
    Red Hat Enterprise Linux 5.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    GnuPG is a utility for encrypting data and creating digital
    signatures.
    
    Gerardo Richarte discovered that a number of applications that make
    use of GnuPG are prone to a vulnerability involving incorrect
    verification of signatures and encryption. An attacker could add
    arbitrary content to a signed message in such a way that a receiver of
    the message would not be able to distinguish between the properly
    signed parts of a message and the forged, unsigned, parts.
    (CVE-2007-1263)
    
    Whilst this is not a vulnerability in GnuPG itself, the GnuPG team
    have produced a patch to protect against messages with multiple
    plaintext packets. Users should update to these erratum packages which
    contain the backported patch for this issue.
    
    Red Hat would like to thank Core Security Technologies for reporting
    this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2007-June/000236.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gnupg package.");
      # CVSS v2 base vector: network access, low complexity, no authentication,
      # partial integrity impact, no confidentiality or availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      # CVSS v2 temporal vector: proof-of-concept exploit code, official fix
      # available, report confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      # "local": the verdict comes from package data collected on the host
      # (see the required KB keys below), not from a network probe.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gnupg");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
    
      # The three dates differ: disclosure, Oracle's patch, and this plugin.
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/06/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      # ACT_GATHER_INFO places the script in the information-gathering category.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      # ssh_get_info.nasl is declared as a dependency. The required KB keys are
      # read by the check that follows; "Host/cpu" is read there as well but is
      # not listed here.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Preconditions. Each audit() call (audit.inc) is expected to end the script
    # with the given reason, so the order of these guards matters.

    # Nothing to evaluate unless local checks are enabled for this host.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # Oracle Linux is identified twice: by its own KB flag and by the release
    # string, which is stored under the Host/RedHat/release key.
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    # Capture the release number, with an optional minor part; element [1] is
    # the first capture group (the product-name group is non-capturing).
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    # Accept release 5 only; the trailing group keeps values such as 50 from matching.
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);
    
    # The package comparison needs the collected rpm list.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # "Host/cpu" is not among the script_require_keys entries, so a missing
    # value is handled here. Only x86_64, ia64 and i386-i686 hosts are evaluated.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    # Compare the installed gnupg against the fixed Oracle Linux 5 build.
    # NOTE(review): rpm_check() comes from rpm.inc; it presumably returns true
    # when the installed package is older than the reference - confirm there.
    # A version comparison only shows that the update is installed; how
    # applications on the host invoke gnupg is not examined by this check.
    flag = 0;
    if (rpm_check(release:"EL5", reference:"gnupg-1.4.5-13")) flag++;
    
    
    if (flag)
    {
      # Package flagged: raise a warning-level finding and attach the package
      # report when report verbosity allows it.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # Nothing flagged: record whether gnupg was tested and found unaffected,
      # or was not installed at all.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnupg");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-432-1.NASL
    descriptionGerardo Richarte from Core Security Technologies discovered that when gnupg is used without --status-fd, there is no way to distinguish initial unsigned messages from a following signed message. An attacker could inject an unsigned message, which could fool the user into thinking the message was entirely signed by the original sender. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id28026
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28026
    titleUbuntu 5.10 / 6.06 LTS / 6.10 : gnupg vulnerability (USN-432-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0107.NASL
    descriptionUpdated GnuPG packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. GnuPG is a utility for encrypting data and creating digital signatures. Gerardo Richarte discovered that a number of applications that make use of GnuPG are prone to a vulnerability involving incorrect verification of signatures and encryption. An attacker could add arbitrary content to a signed message in such a way that a receiver of the message would not be able to distinguish between the properly signed parts of a message and the forged, unsigned, parts. (CVE-2007-1263) Whilst this is not a vulnerability in GnuPG itself, the GnuPG team have produced a patch to protect against messages with multiple plaintext packets. Users should update to these erratum packages which contain the backported patch for this issue. Red Hat would like to thank Core Security Technologies for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id25320
    published2007-05-25
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25320
    titleRHEL 5 : gnupg (RHSA-2007:0107)
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_11464.NASL
    descriptionWhen printing a text stream with a GPG signature it was possible for an attacker to create a stream with
    last seen2020-06-01
    modified2020-06-02
    plugin id41120
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41120
    titleSuSE9 Security Update : gpg (YOU Patch Number 11464)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2007-066-01.NASL
    descriptionNew gnupg packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, and 11.0 to fix security ramifications of incorrect gpg usage.
    last seen2020-06-01
    modified2020-06-02
    plugin id24787
    published2007-03-12
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24787
    titleSlackware 10.0 / 10.1 / 10.2 / 11.0 / 9.0 / 9.1 : gnupg (SSA:2007-066-01)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-432-2.NASL
    descriptionUSN-432-1 fixed a vulnerability in GnuPG. This update provides the corresponding updates for GnuPG2 and the GPGME library. Gerardo Richarte from Core Security Technologies discovered that when gnupg is used without --status-fd, there is no way to distinguish initial unsigned messages from a following signed message. An attacker could inject an unsigned message, which could fool the user into thinking the message was entirely signed by the original sender. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id28027
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28027
    titleUbuntu 6.06 LTS / 6.10 : gnupg2, gpgme1.0 vulnerability (USN-432-2)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_GPG-2995.NASL
    descriptionWhen printing a text stream with a GPG signature it was possible for an attacker to create a stream with
    last seen2020-06-01
    modified2020-06-02
    plugin id27248
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27248
    titleopenSUSE 10 Security Update : gpg (gpg-2995)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_GPG-2994.NASL
    descriptionWhen printing a text stream with a GPG signature it was possible for an attacker to create a stream with
    last seen2020-06-01
    modified2020-06-02
    plugin id29450
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29450
    titleSuSE 10 Security Update : gpg (ZYPP Patch Number 2994)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-316.NASL
    descriptionThis updates GnuPG to version 1.4.7, changing the default behavior so that gnupg now flags message streams which contain multiple plaintexts as an error. This prevents errors which would occur when applications which called gnupg assumed that this was already the default behavior. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id24822
    published2007-03-16
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24822
    titleFedora Core 5 : gnupg-1.4.7-1 (2007-316)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-059.NASL
    descriptionGnuPG prior to 1.4.7 and GPGME prior to 1.1.4, when run from the command line, did not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components. This could allow a remote attacker to forge the contents of an email message without detection. GnuPG 1.4.7 is being provided with this update and GPGME has been patched on Mandriva 2007.0 to provide better visual notification on these types of forgeries.
    last seen2020-06-01
    modified2020-06-02
    plugin id24809
    published2007-03-12
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24809
    titleMandrake Linux Security Advisory : gnupg (MDKSA-2007:059)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1266.NASL
    descriptionGerardo Richarte discovered that GnuPG, a free PGP replacement, provides insufficient user feedback if an OpenPGP message contains both unsigned and signed portions. Inserting text segments into an otherwise signed message could be exploited to forge the content of signed messages. This update prevents such attacks; the old behaviour can still be activated by passing the --allow-multiple-messages option.
    last seen2020-06-01
    modified2020-06-02
    plugin id24819
    published2007-03-16
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24819
    titleDebian DSA-1266-1 : gnupg - several vulnerabilities
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-0106.NASL
    descriptionUpdated GnuPG packages that fix a security issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. GnuPG is a utility for encrypting data and creating digital signatures. Gerardo Richarte discovered that a number of applications that make use of GnuPG are prone to a vulnerability involving incorrect verification of signatures and encryption. An attacker could add arbitrary content to a signed message in such a way that a receiver of the message would not be able to distinguish between the properly signed parts of a message and the forged, unsigned, parts. (CVE-2007-1263) Whilst this is not a vulnerability in GnuPG itself, the GnuPG team have produced a patch to protect against messages with multiple plaintext packets. Users should update to these erratum packages which contain the backported patch for this issue. Red Hat would like to thank Core Security Technologies for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id24764
    published2007-03-06
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/24764
    titleCentOS 3 / 4 : gnupg (CESA-2007:0106)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-0106.NASL
    descriptionFrom Red Hat Security Advisory 2007:0106 : Updated GnuPG packages that fix a security issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. GnuPG is a utility for encrypting data and creating digital signatures. Gerardo Richarte discovered that a number of applications that make use of GnuPG are prone to a vulnerability involving incorrect verification of signatures and encryption. An attacker could add arbitrary content to a signed message in such a way that a receiver of the message would not be able to distinguish between the properly signed parts of a message and the forged, unsigned, parts. (CVE-2007-1263) Whilst this is not a vulnerability in GnuPG itself, the GnuPG team have produced a patch to protect against messages with multiple plaintext packets. Users should update to these erratum packages which contain the backported patch for this issue. Red Hat would like to thank Core Security Technologies for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id67459
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67459
    titleOracle Linux 3 / 4 : gnupg (ELSA-2007-0106)

Oval

accepted2013-04-29T04:06:09.942-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionGnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, do not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.
familyunix
idoval:org.mitre.oval:def:10496
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleGnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, do not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.
version27

Redhat

advisories
  • bugzilla
    id230456
    titleCVE-2007-1263 gnupg signed message spoofing
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • commentgnupg is earlier than 0:1.2.6-9
        ovaloval:com.redhat.rhsa:tst:20070106001
      • commentgnupg is signed with Red Hat master key
        ovaloval:com.redhat.rhsa:tst:20060266002
    rhsa
    idRHSA-2007:0106
    released2007-03-06
    severityImportant
    titleRHSA-2007:0106: gnupg security update (Important)
  • bugzilla
    id230467
    titleCVE-2007-1263 gnupg signed message spoofing
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • commentgnupg is earlier than 0:1.4.5-13
        ovaloval:com.redhat.rhsa:tst:20070107001
      • commentgnupg is signed with Red Hat redhatrelease key
        ovaloval:com.redhat.rhsa:tst:20070107002
    rhsa
    idRHSA-2007:0107
    released2007-03-14
    severityImportant
    titleRHSA-2007:0107: gnupg security update (Important)
rpms
  • gnupg-0:1.0.7-21
  • gnupg-0:1.2.1-20
  • gnupg-0:1.2.6-9
  • gnupg-debuginfo-0:1.2.1-20
  • gnupg-debuginfo-0:1.2.6-9
  • gnupg-0:1.4.5-13
  • gnupg-debuginfo-0:1.4.5-13

References