Summary
| Detail | |||
|---|---|---|---|
| Vendor | Gnu | First view | 2001-02-12 |
| Product | Privacy Guard | Last view | 2006-03-13 |
| Version | 1.0.3b | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:gnu:privacy_guard | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5 | 2006-03-13 | CVE-2006-0049 | gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455. |
| 4.6 | 2006-02-15 | CVE-2006-0455 | gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify". |
| 5 | 2003-12-15 | CVE-2003-0971 | GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature. |
| 10 | 2003-05-27 | CVE-2003-0255 | The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path. |
| 5 | 2001-02-12 | CVE-2001-0072 | gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust. |
| 2.1 | 2001-02-12 | CVE-2001-0071 | gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection. |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 23790 | GnuPG gpg Unsigned Data Injection Detection Failure |
| 23221 | GnuPG gpgv Detached Signature Verification Failure |
| 4947 | GnuPG Multiple Userid Key Validity |
| 2869 | GnuPG ElGamal Encrypt+Sign Private Key Disclosure |
| 1702 | GnuPG Private Key Silent Import |
| 1699 | GnuPG Detached Signature Verification False-Positive |
OpenVAS Exploits
| id | Description |
|---|---|
| 2009-10-10 | Name : SLES9: Security update for gpg File : nvt/sles9p5017077.nasl |
| 2009-10-10 | Name : SLES9: Security update for gpg File : nvt/sles9p5019083.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200312-05 (GnuPG) File : nvt/glsa_200312_05.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200602-10 (gnupg) File : nvt/glsa_200602_10.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200603-08 (gnupg) File : nvt/glsa_200603_08.nasl |
| 2008-09-04 | Name : FreeBSD Ports: gnupg File : nvt/freebsd_gnupg.nasl |
| 2008-09-04 | Name : FreeBSD Ports: gnupg File : nvt/freebsd_gnupg1.nasl |
| 2008-09-04 | Name : FreeBSD Ports: gnupg File : nvt/freebsd_gnupg2.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 429-1 (gnupg) File : nvt/deb_429_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 429-2 (gnupg) File : nvt/deb_429_2.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 978-1 (gnupg) File : nvt/deb_978_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 993-1 (gnupg) File : nvt/deb_993_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 993-2 (gnupg) File : nvt/deb_993_2.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2006-072-02 gnupg File : nvt/esoft_slk_ssa_2006_072_02.nasl |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2012-09-06 | Name: The remote Mandrake Linux host is missing a security update. File: mandrake_MDKSA-2000-087.nasl - Type: ACT_GATHER_INFO |
| 2009-04-23 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_813136472d0311d893550020ed76ef5a.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-978.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-993.nasl - Type: ACT_GATHER_INFO |
| 2006-07-05 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2006-0266.nasl - Type: ACT_GATHER_INFO |
| 2006-05-13 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_63fe41899f9711daac320001020eed82.nasl - Type: ACT_GATHER_INFO |
| 2006-05-13 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_948921adafbc11dabad902e081235dab.nasl - Type: ACT_GATHER_INFO |
| 2006-04-04 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-264-1.nasl - Type: ACT_GATHER_INFO |
| 2006-03-18 | Name: The remote Mandrake Linux host is missing a security update. File: mandrake_MDKSA-2006-055.nasl - Type: ACT_GATHER_INFO |
| 2006-03-17 | Name: The remote host is missing a vendor-supplied security patch File: suse_SA_2006_014.nasl - Type: ACT_GATHER_INFO |
| 2006-03-16 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2006-0266.nasl - Type: ACT_GATHER_INFO |
| 2006-03-14 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-147.nasl - Type: ACT_GATHER_INFO |
| 2006-03-14 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2006-072-02.nasl - Type: ACT_GATHER_INFO |
| 2006-03-13 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200603-08.nasl - Type: ACT_GATHER_INFO |
| 2006-03-13 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-252-1.nasl - Type: ACT_GATHER_INFO |
| 2006-02-22 | Name: The remote host is missing a vendor-supplied security patch File: suse_SA_2006_009.nasl - Type: ACT_GATHER_INFO |
| 2006-02-19 | Name: The remote Mandrake Linux host is missing a security update. File: mandrake_MDKSA-2006-043.nasl - Type: ACT_GATHER_INFO |
| 2006-02-19 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200602-10.nasl - Type: ACT_GATHER_INFO |
| 2006-02-19 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-116.nasl - Type: ACT_GATHER_INFO |
| 2004-09-29 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-429.nasl - Type: ACT_GATHER_INFO |
| 2004-07-31 | Name: The remote Mandrake Linux host is missing a security update. File: mandrake_MDKSA-2003-061.nasl - Type: ACT_GATHER_INFO |
| 2004-07-31 | Name: The remote Mandrake Linux host is missing a security update. File: mandrake_MDKSA-2003-109.nasl - Type: ACT_GATHER_INFO |
| 2004-07-25 | Name: The remote host is missing a vendor-supplied security patch File: suse_SA_2003_048.nasl - Type: ACT_GATHER_INFO |
| 2004-07-06 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2003-176.nasl - Type: ACT_GATHER_INFO |
| 2004-07-06 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2003-395.nasl - Type: ACT_GATHER_INFO |
