CVE-2007-1263

Published: Mar 6, 2007Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.

Affected (2)

Products: Gnu: Gpgme · Gnupg: Gnupg

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Gnu Gpgme	Up to 1.1.3
Gnupg Gnupg	Up to 1.4.6

References (66)

ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc (unsafe URL)

Source: cve@mitre.org

http://fedoranews.org/cms/node/2775

Source: cve@mitre.org

http://fedoranews.org/cms/node/2776

Source: cve@mitre.org

http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html

Source: cve@mitre.org

http://lists.suse.com/archive/suse-security-announce/2007-Mar/0008.html

Source: cve@mitre.org

http://secunia.com/advisories/24365

Source: cve@mitre.org

http://secunia.com/advisories/24407

Source: cve@mitre.org

http://secunia.com/advisories/24419

Source: cve@mitre.org

http://secunia.com/advisories/24420

Source: cve@mitre.org

http://secunia.com/advisories/24438

Source: cve@mitre.org

http://secunia.com/advisories/24489

Source: cve@mitre.org

http://secunia.com/advisories/24511

Source: cve@mitre.org

http://secunia.com/advisories/24544

Source: cve@mitre.org

http://secunia.com/advisories/24650

Source: cve@mitre.org

http://secunia.com/advisories/24734

Source: cve@mitre.org

http://secunia.com/advisories/24875

Source: cve@mitre.org

http://securityreason.com/securityalert/2353

Source: cve@mitre.org

http://support.avaya.com/elmodocs2/security/ASA-2007-144.htm

Source: cve@mitre.org

http://www.coresecurity.com/?action=item&id=1687

Source: cve@mitre.org

PatchVendor Advisory

http://www.debian.org/security/2007/dsa-1266

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2007:059

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2007-0106.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2007-0107.html

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/461958/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/461958/30/7710/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/22757

Source: cve@mitre.org

http://www.securitytracker.com/id?1017727

Source: cve@mitre.org

http://www.trustix.org/errata/2007/0009/

Source: cve@mitre.org

http://www.ubuntu.com/usn/usn-432-1

Source: cve@mitre.org

http://www.ubuntu.com/usn/usn-432-2

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/0835

Source: cve@mitre.org

https://issues.rpath.com/browse/RPL-1111

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10496

Source: cve@mitre.org

ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc (unsafe URL)