CVE编号
CVE-2006-0455利用情况
暂无补丁情况
官方补丁披露时间
2006-02-16漏洞描述
1.4.2.1之前的GnuPG中的gpgv在使用无人值守签名验证时,即使分离的签名文件中没有签名,在某些情况下也会返回0退出代码,这可能导致使用gpgv的程序假定签名验证已成功。注意:当运行等效命令“ gpg --verify”时,也会发生这种情况。解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接 |
|
|---|---|
| ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U | |
| http://fedoranews.org/updates/FEDORA-2006-116.shtml | |
| http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html | |
| http://marc.info/?l=gnupg-devel&m=113999098729114&w=2 | |
| http://secunia.com/advisories/18845 | |
| http://secunia.com/advisories/18933 | |
| http://secunia.com/advisories/18934 | |
| http://secunia.com/advisories/18942 | |
| http://secunia.com/advisories/18955 | |
| http://secunia.com/advisories/18956 | |
| http://secunia.com/advisories/18968 | |
| http://secunia.com/advisories/19130 | |
| http://secunia.com/advisories/19249 | |
| http://secunia.com/advisories/19532 | |
| http://www.gentoo.org/security/en/glsa/glsa-200602-10.xml | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2006:043 | |
| http://www.novell.com/linux/security/advisories/2006_05_sr.html | |
| http://www.novell.com/linux/security/advisories/2006_09_gpg.html | |
| http://www.novell.com/linux/security/advisories/2006_13_gpg.html | |
| http://www.openpkg.org/security/OpenPKG-SA-2006.001-gnupg.html | |
| http://www.osvdb.org/23221 | |
| http://www.redhat.com/support/errata/RHSA-2006-0266.html | |
| http://www.securityfocus.com/archive/1/425289/100/0/threaded | |
| http://www.securityfocus.com/archive/1/433931/100/0/threaded | |
| http://www.securityfocus.com/bid/16663 | |
| http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=sl... | |
| http://www.trustix.org/errata/2006/0008 | |
| http://www.ubuntu.com/usn/usn-252-1 | |
| http://www.us.debian.org/security/2006/dsa-978 | |
| http://www.vupen.com/english/advisories/2006/0610 | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24744 | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | gnu | privacy_guard | 1.0 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | privacy_guard | 1.0.1 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | privacy_guard | 1.0.2 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | privacy_guard | 1.0.3 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | privacy_guard | 1.0.3b | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | privacy_guard | 1.0.4 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | privacy_guard | 1.0.5 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | privacy_guard | 1.0.6 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | privacy_guard | 1.0.7 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | privacy_guard | 1.2 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | privacy_guard | 1.2.1 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | privacy_guard | 1.2.2 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | privacy_guard | 1.2.3 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | privacy_guard | 1.2.4 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | privacy_guard | 1.2.5 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | privacy_guard | 1.2.6 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | privacy_guard | 1.2.7 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | privacy_guard | 1.3.3 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | privacy_guard | 1.3.4 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | privacy_guard | 1.4 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | privacy_guard | 1.4.1 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | privacy_guard | 1.4.2 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_3.0 | gnupg | * |
Up to (excluding) 1.0.6-4woody4 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_3.1 | gnupg | * |
Up to (excluding) 1.4.1-1sarge1 |
|||||
- 攻击路径 本地
- 攻击复杂度 容易
- 权限要求 无需权限
- 影响范围 全局影响
- EXP成熟度 未验证
- 补丁情况 官方补丁
- 数据保密性 数据泄露
- 数据完整性 传输被破坏
- 服务器危害 DoS
- 全网数量 N/A
还没有评论,来说两句吧...