CNNVD ID | CNNVD-200603-226 | CVE ID | CVE-2006-0049 |
Published | 2006-03-13 | Updated | 2006-03-14 |
Vulnerability type | Design error | Reported by | Werner Koch wk@gnupg.org Tavis Ormandy taviso@gentoo.org |
Severity | Medium | Threat type | Remote |
Vendor | gnu |
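GnuPG is a PGP encryption, decryption and signing tool based on the OpenPGP standard.
GnuPG has a verification flaw in its handling of signatures embedded in e-mail messages; an attacker may exploit it to insert additional data into a message.
When GnuPG extracts signed data, the data may be prefixed or suffixed with extra data that the signature does not cover, so an attacker can use a signed message to inject arbitrary additional data.
The vendor has released upgrade patches that fix this security issue. Patch download links: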
GNU GNU Privacy Guard 1.0
GNU GNU Privacy Guard 1.4.2.2
http://www.gnupg.org/download/
GNU GNU Privacy Guard 1.0 .6
GNU GNU Privacy Guard 1.4.2.2
http://www.gnupg.org/download/
GNU GNU Privacy Guard 1.0.1
GNU GNU Privacy Guard 1.4.2.2
http://www.gnupg.org/download/
GNU GNU Privacy Guard 1.0.2
GNU GNU Privacy Guard 1.4.2.2
http://www.gnupg.org/download/
GNU GNU Privacy Guard 1.0.3
GNU GNU Privacy Guard 1.4.2.2
http://www.gnupg.org/download/
GNU GNU Privacy Guard 1.0.4
GNU GNU Privacy Guard 1.4.2.2
http://www.gnupg.org/download/
GNU finger 1.0.7
GNU GNU Privacy Guard 1.4.2.2
http://www.gnupg.org/download/
GNU GNU Privacy Guard 1.0.7
GNU GNU Privacy Guard 1.4.2.2
http://www.gnupg.org/download/
GNU GNU Privacy Guard 1.2.1
GNU GNU Privacy Guard 1.4.2.2
http://www.gnupg.org/download/
Slackware gnupg-1.4.2.2-i386-1.tgz
Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/gnupg-1.4.2.2-i386-1.tgz
GNU GNU Privacy Guard 1.2.2 -rc1
GNU GNU Privacy Guard 1.4.2.2
http://www.gnupg.org/download/
GNU GNU Privacy Guard 1.2.2 -r1
GNU GNU Privacy Guard 1.4.2.2
http://www.gnupg.org/download/
GNU GNU Privacy Guard 1.2.3
GNU GNU Privacy Guard 1.4.2.2
http://www.gnupg.org/download/
Slackware gnupg-1.4.2.2-i486-1.tgz
Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/gnupg-1.4.2.2-i486-1.tgz
Slackware gnupg-1.4.2.2-i486-1.tgz
Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/gnupg-1.4.2.2-i486-1.tgz
GNU GNU Privacy Guard 1.2.4
GNU GNU Privacy Guard 1.4.2.2
http://www.gnupg.org/download/
Mandriva gnupg-1.4.2.2-0.1.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva gnupg-1.4.2.2-0.1.C30mdk.i586.rpm
Corporate 3.0:
http://wwwnew.mandriva.com/en/downloads/
Mandriva gnupg-1.4.2.2-0.1.C30mdk.src.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva gnupg-1.4.2.2-0.1.C30mdk.x86_64.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva gnupg-1.4.2.2-0.1.C30mdk.x86_64.rpm
Corporate 3.0:
http://wwwnew.mandriva.com/en/downloads/
Mandriva gnupg-1.4.2.2-0.1.M20mdk.i586.rpm
Corporate 3.0:
http://wwwnew.mandriva.com/en/downloads/
Slackware gnupg-1.4.2.2-i486-1.tgz
Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/gnupg-1.4.2.2-i486-1.tgz
SuSE gpg-1.2.4-68.13.i586.rpm
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/gpg-1.2.4-68.13.i586.rpm
SuSE gpg-1.2.4-68.13.x86_64.rpm
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/gpg-1.2.4-68.13.x86_64.rpm
Ubuntu gnupg_1.2.4-4ubuntu2.3_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.4-4ubuntu2.3_amd64.deb
Ubuntu gnupg_1.2.4-4ubuntu2.3_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.4-4ubuntu2.3_i386.deb
Ubuntu gnupg_1.2.4-4ubuntu2.3_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.4-4ubuntu2.3_powerpc.deb
Ubuntu gpgv-udeb_1.4.1-1ubuntu1.2_i386.udeb
Updated packages for Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ubuntu1.2_i386.udeb
Ubuntu gpgv-udeb_1.4.1-1ubuntu1.2_powerpc.udeb
Updated packages for Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ubuntu1.2_powerpc.udeb
GNU GNU Privacy Guard 1.2.6
GNU GNU Privacy Guard 1.4.2.2
http://www.gnupg.org/download/
Trustix gnupg-1.2.6-2tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Trustix gnupg-1.4.2.2-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates
Trustix gnupg-utils-1.2.6-2tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Trustix gnupg-utils-1.4.2.2-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates
GNU GNU Privacy Guard 1.3.3
GNU GNU Privacy Guard 1.4.2.2
http://www.gnupg.org/download/
GNU
Source: BID
Name: 17058
Source: BUGTRAQ
Name: 20060309 GnuPG does not detect injection of unsigned data
Link: http://www.securityfocus.com/archive/1/archive/1/427324/100/0/threaded
Source: OSVDB
Name: 23790
Source: GENTOO
Name: GLSA-200603-08
Link: http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml
Source: VUPEN
Name: ADV-2006-0915
Source: DEBIAN
Name: DSA-993
Source: SECTRACK
Name: 1015749
Source: SECUNIA
Name: 19173
Source: MLIST
Name: [gnupg-announce] 20060309 [Announce] GnuPG does not detect injection of unsigned data
Link: http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html
Source: UBUNTU
Name: USN-264-1
Link: http://www.ubuntulinux.org/support/documentation/usn/usn-264-1
Source: XF
Name: gnupg-nondetached-sig-verification(25184)
Source: TRUSTIX
Name: 2006-0014
Source: SLACKWARE
Name: SSA:2006-072-02
Link: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.476477
Source: FEDORA
Name: FLSA-2006:185355
Link: http://www.securityfocus.com/archive/1/archive/1/433931/100/0/threaded
Source: REDHAT
Name: RHSA-2006:0266
Source: FEDORA
Name: FEDORA-2006-147
Link: http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html
Source: MANDRIVA
Name: MDKSA-2006:055
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2006:055
Source: SREASON
Name: 568
Source: SREASON
Name: 450
Source: SECUNIA
Name: 19532
Source: SECUNIA
Name: 19287
Source: SECUNIA
Name: 19249
Source: SECUNIA
Name: 19244
Source: SECUNIA
Name: 19234
Source: SECUNIA
Name: 19232
Source: SECUNIA
Name: 19231
Source: SECUNIA
Name: 19203
Source: SECUNIA
Name: 19197
Source: SUSE
Name: SUSE-SA:2006:014
Link: http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html
Source: MANDRIVA
Name: MDKSA-2006:055
Link: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:055