Vulnerability Details: CVE-2007-1263
GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, do not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.
Products affected by CVE-2007-1263
- cpe:2.3:a:gnu:gpgme:*:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-1263
- EPSS score: 34.77% (probability of exploitation activity in the next 30 days)
- Percentile: ~97% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2007-1263
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST | |
References for CVE-2007-1263
- http://securityreason.com/securityalert/2353
  GnuPG and GnuPG clients unsigned data injection vulnerability - CXSecurity.com
- http://www.redhat.com/support/errata/RHSA-2007-0107.html
- ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
- http://www.securityfocus.com/bid/22757
- http://www.securityfocus.com/archive/1/461958/100/0/threaded
- http://www.debian.org/security/2007/dsa-1266
  [SECURITY] [DSA 1266-1] New gnupg packages fix signature forgery
- http://www.trustix.org/errata/2007/0009/
- http://www.redhat.com/support/errata/RHSA-2007-0106.html
- http://fedoranews.org/cms/node/2775
- http://www.vupen.com/english/advisories/2007/0835
- http://www.coresecurity.com/?action=item&id=1687
  Patch; Vendor Advisory
- http://www.securityfocus.com/archive/1/461958/30/7710/threaded
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:059
  Mandriva
- http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html
  [Announce] Multiple Messages Problem in GnuPG and GPGME
- http://www.ubuntu.com/usn/usn-432-1
  USN-432-1: GnuPG vulnerability | Ubuntu security notices | Ubuntu
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10496
- https://issues.rpath.com/browse/RPL-1111
- http://www.securitytracker.com/id?1017727
- http://fedoranews.org/cms/node/2776
- http://lists.suse.com/archive/suse-security-announce/2007-Mar/0008.html
- http://www.ubuntu.com/usn/usn-432-2
  USN-432-2: GnuPG2, GPGME vulnerability | Ubuntu security notices | Ubuntu
- http://support.avaya.com/elmodocs2/security/ASA-2007-144.htm
  ASA-2007-144 (RHSA-2007-0106)