FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-0455

This CVE name corresponds to:

Entered: 2006-02-17
Topic: gnupg -- false positive signature verification

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2006-0455
Phase: Assigned (20060127)

Description

gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".

References

Source Reference
BUGTRAQ 20060215 False positive signature verification in GnuPG
MLIST [gnupg-devel] 20060215 [Announce] False positive signature verification in GnuPG
MLIST [gnupg-announce] 20060215 False positive signature verification in GnuPG
DEBIAN DSA-978
FEDORA FEDORA-2006-116
FEDORA FLSA-2006:185355
GENTOO GLSA-200602-10
MANDRIVA MDKSA-2006:043
OPENPKG OpenPKG-SA-2006.001
REDHAT RHSA-2006:0266
SGI 20060401-01-U
SLACKWARE SSA:2006-072-02
SUSE SUSE-SA:2006:009
SUSE SUSE-SR:2006:005
SUSE SUSE-SA:2006:013
TRUSTIX 2006-0008
UBUNTU USN-252-1
BID 16663
OVAL oval:org.mitre.oval:def:10084
VUPEN ADV-2006-0610
OSVDB 23221
SECUNIA 18845
SECUNIA 18934
SECUNIA 18933
SECUNIA 18942
SECUNIA 18955
SECUNIA 18956
SECUNIA 18968
SECUNIA 19130
SECUNIA 19249
SECUNIA 19532
XF gnupg-gpgv-improper-verification(24744)