Vulnerability Details
GnuPG Verification Bypass Vulnerability
- CNNVD ID: CNNVD-200602-203
- Severity: Medium
- CVE ID: CVE-2006-0455
- Vulnerability type: Design error
- Published: 2006-02-15
- Threat type: Local
- Updated: 2007-02-07
- Vendor: gnu
- Source: taviso from the Ge…
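Vulnerability Summary
In GnuPG versions before 1.4.2.1, gpgv, when used for automatic signature verification, returns an exit code of 0 under certain conditions even though the detached signature file contains no signature. Programs that call gpgv therefore conclude that signature verification completed successfully. Note: the same behaviour occurs when running the similar command "gpg --verify".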
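Because the failure described above is a zero exit status without any signature having been checked, a caller can additionally require a positive VALIDSIG line on gpgv's --status-fd output from a key it expects. The Python below is an added example, not code from this advisory or from GnuPG; the function names, the fingerprint and the sample status lines are constructed for illustration.

```python
import subprocess

# Status keywords that must never accompany an accepted signature.
REJECT = {"BADSIG", "ERRSIG", "NODATA", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def signature_verified(exit_code, status_text, allowed_fprs):
    """Accept only if gpgv exited 0 AND reported VALIDSIG for an allowed key."""
    valid = []
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue  # not a machine-readable status line
        if fields[1] in REJECT:
            return False
        if fields[1] == "VALIDSIG" and len(fields) > 2:
            valid.append(fields[2])  # fingerprint of the signing key
    # An exit code of 0 with no VALIDSIG line is treated as a failure.
    return exit_code == 0 and bool(valid) and all(f in allowed_fprs for f in valid)

def verify_detached(sig_path, data_path, keyring, allowed_fprs):
    """Run gpgv on a detached signature and apply the strict check."""
    proc = subprocess.run(
        ["gpgv", "--status-fd", "1", "--keyring", keyring, sig_path, data_path],
        capture_output=True, text=True)
    return signature_verified(proc.returncode, proc.stdout, allowed_fprs)

# Constructed sample data (not captured from a real gpgv run).
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
GOOD_STATUS = (
    "[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer\n"
    "[GNUPG:] VALIDSIG " + FPR + " 2006-02-15 1139990987 0 3 0 17 2 00 " + FPR + "\n"
)
BAD_STATUS = "[GNUPG:] BADSIG 89ABCDEF01234567 Example Signer\n"
NO_SIG_STATUS = ""  # exit code 0 but no signature was processed

if __name__ == "__main__":
    print(signature_verified(0, GOOD_STATUS, {FPR}))    # signature from expected key
    print(signature_verified(0, NO_SIG_STATUS, {FPR}))  # zero exit, nothing verified
    print(signature_verified(0, BAD_STATUS, {FPR}))     # bad signature reported
```
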
Vulnerability Advisory
The vendor has released an upgrade patch that fixes this security issue. Patch download links:
GNU GNU Privacy Guard 1.0
GNU gnupg-1.4.2.1.tar.bz2
ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.2.1.tar.bz2
GNU GNU Privacy Guard 1.0.6
GNU gnupg-1.4.2.1.tar.bz2
ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.2.1.tar.bz2
GNU GNU Privacy Guard 1.0.1
GNU gnupg-1.4.2.1.tar.bz2
ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.2.1.tar.bz2
GNU GNU Privacy Guard 1.0.2
GNU gnupg-1.4.2.1.tar.bz2
ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.2.1.tar.bz2
GNU GNU Privacy Guard 1.0.3
GNU gnupg-1.4.2.1.tar.bz2
ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.2.1.tar.bz2
GNU GNU Privacy Guard 1.0.4
GNU gnupg-1.4.2.1.tar.bz2
ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.2.1.tar.bz2
GNU finger 1.0.7
GNU gnupg-1.4.2.1.tar.bz2
ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.2.1.tar.bz2
GNU GNU Privacy Guard 1.0.7
GNU gnupg-1.4.2.1.tar.bz2
ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.2.1.tar.bz2
Mandriva gnupg-1.0.7-3.4.C21mdk.i586.rpm
Corporate Server 2.1:
http://www.mandriva.com/en/download
Mandriva gnupg-1.0.7-3.4.C21mdk.src.rpm
Corporate Server 2.1:
http://www.mandriva.com/en/download
Mandriva gnupg-1.0.7-3.4.C21mdk.x86_64.rpm
Corporate Server 2.1:
http://www.mandriva.com/en/download
GNU GNU Privacy Guard 1.2.1
GNU gnupg-1.4.2.1.tar.bz2
ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.2.1.tar.bz2
GNU GNU Privacy Guard 1.2.2 -rc1
GNU gnupg-1.4.2.1.tar.bz2
ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.2.1.tar.bz2
GNU GNU Privacy Guard 1.2.2 -r1
GNU gnupg-1.4.2.1.tar.bz2
ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.2.1.tar.bz2
GNU GNU Privacy Guard 1.2.3
GNU gnupg-1.4.2.1.tar.bz2
ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.2.1.tar.bz2
GNU GNU Privacy Guard 1.2.4
GNU gnupg-1.4.2.1.tar.bz2
ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.2.1.tar.bz2
Mandriva gnupg-1.2.4-1.2.101mdk.i586.rpm
Mandriva Linux 10.1:
http://www.mandriva.com/en/download
Mandriva gnupg-1.2.4-1.2.101mdk.src.rpm
Mandriva Linux 10.1:
http://www.mandriva.com/en/download
Mandriva gnupg-1.2.4-1.2.101mdk.x86_64.rpm
Mandriva Linux 10.1:
http://www.mandriva.com/en/download
Mandriva gnupg-1.2.4-1.2.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva gnupg-1.2.4-1.2.C30mdk.src.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva gnupg-1.2.4-1.2.C30mdk.x86_64.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Ubuntu gnupg_1.2.4-4ubuntu2.2_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.4-4ubuntu2.2_amd64.deb
Ubuntu gnupg_1.2.4-4ubuntu2.2_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.4-4ubuntu2.2_i386.deb
Ubuntu gnupg_1.2.4-4ubuntu2.2_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.4-4ubuntu2.2_powerpc.deb
GNU GNU Privacy Guard 1.2.6
GNU gnupg-1.4.2.1.tar.bz2
ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.2.1.tar.bz2
Trustix gnupg-1.4.2.1-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates
Trustix gnupg-utils-1.4.2.1-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates
GNU GNU Privacy Guard 1.3.3
GNU gnupg-1.4.2.1.tar.bz2
ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.2.1.tar.bz2
GNU GNU Privacy Guard 1.3.4
GNU gnupg-1.4.2.1.tar.bz2
ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.2.1.tar.bz2
GNU GNU Privacy Guard 1.4
GNU gnupg-1.4.2.1.tar.bz2
ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.2.1.tar.bz2
Mandriva gnupg-1.4.0-4.1.102mdk.i586.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download
Mandriva gnupg-1.4.0-4.1.102mdk.src.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download
Mandriva gnupg-1.4.0-4.1.102mdk.x86_64.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download
GNU GNU Privacy Guard 1.4.1
Debian gnupg_1.4.1-1sarge1_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1sarge1_alpha.deb
Debian gnupg_1.4.1-1sarge1_amd64.deb
Debian GNU/Linux 3.1 alias sarge
References
Source: DEBIAN
Name: DSA-978
Link: http://www.us.debian.org/security/2006/dsa-978
Source: SLACKWARE
Name: SSA:2006-072-02
Link: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.476477
Source: BID
Name: 16663
Link: http://www.securityfocus.com/bid/16663
Source: SUSE
Name: SUSE-SA:2006:009
Link: http://www.novell.com/linux/security/advisories/2006_09_gpg.html
Source: GENTOO
Name: GLSA-200602-10
Link: http://www.gentoo.org/security/en/glsa/glsa-200602-10.xml
Source: SECUNIA
Name: 18968
Link: http://secunia.com/advisories/18968
Source: SECUNIA
Name: 18956
Link: http://secunia.com/advisories/18956
Source: SECUNIA
Name: 18955
Link: http://secunia.com/advisories/18955
Source: SECUNIA
Name: 18942
Link: http://secunia.com/advisories/18942
Source: SECUNIA
Name: 18934
Link: http://secunia.com/advisories/18934
Source: SECUNIA
Name: 18933
Link: http://secunia.com/advisories/18933
Source: MLIST
Name: [gnupg-devel] 20060215 [Announce] False positive signature verification in GnuPG
Link: http://marc.theaimsgroup.com/?l=gnupg-devel&m=113999098729114&w=2
Source: XF
Name: gnupg-gpgv-improper-verification(24744)
Link: http://xforce.iss.net/xforce/xfdb/24744
Source: UBUNTU
Name: USN-252-1
Link: http://www.ubuntu.com/usn/usn-252-1
Source: TRUSTIX
Name: 2006-0008
Link: http://www.trustix.org/errata/2006/0008
Source: FEDORA
Name: FLSA-2006:185355
Link: http://www.securityfocus.com/archive/1/archive/1/433931/100/0/threaded
Source: BUGTRAQ
Name: 20060215 False positive signature verification in GnuPG
Link: http://www.securityfocus.com/archive/1/archive/1/425289/100/0/threaded
Source: REDHAT
Name: RHSA-2006:0266
Link: http://www.redhat.com/support/errata/RHSA-2006-0266.html
Source: OSVDB
Name: 23221
Source: OPENPKG
Name: OpenPKG-SA-2006.001
Link: http://www.openpkg.org/security/OpenPKG-SA-2006.001-gnupg.html
Source: SUSE
Name: SUSE-SA:2006:013
Link: http://www.novell.com/linux/security/advisories/2006_13_gpg.html
Source: SUSE
Name: SUSE-SR:2006:005
Link: http://www.novell.com/linux/security/advisories/2006_05_sr.html
Source: VUPEN
Name: ADV-2006-0610
Link: http://www.frsirt.com/english/advisories/2006/0610
Source: SECUNIA
Name: 19532
Link: http://secunia.com/advisories/19532
Source: SECUNIA
Name: 19249
Link: http://secunia.com/advisories/19249
Source: SECUNIA
Name: 19130
Link: http://secunia.com/advisories/19130
Source: SECUNIA
Name: 18845
Link: http://secunia.com/advisories/18845
Source: MLIST
Name: [gnupg-announce] 20060215 False positive signature verification in GnuPG
Link: http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html
Source: MANDRIVA
Name: MDKSA-2006:043
Link: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:043
Source: FEDORA
Name: FEDORA-2006-116
Link: http://fedoranews.org/updates/FEDORA-2006-116.shtml
Source: SGI
Name: 20060401-01-U
Link: ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U
Source: MANDRIVA
Name: MDKSA-2006:043
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2006:043