Vulnerability Description
gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Privacy Guard | 1.0 |
References
- ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U
- http://fedoranews.org/updates/FEDORA-2006-116.shtml
- http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html
- http://marc.info/?l=gnupg-devel&m=113999098729114&w=2
- http://secunia.com/advisories/18845 (Vendor Advisory)
- http://secunia.com/advisories/18933 (Patch, Vendor Advisory)
- http://secunia.com/advisories/18934 (Patch, Vendor Advisory)
- http://secunia.com/advisories/18942 (Patch, Vendor Advisory)
- http://secunia.com/advisories/18955 (Patch, Vendor Advisory)
- http://secunia.com/advisories/18956 (Patch, Vendor Advisory)
- http://secunia.com/advisories/18968 (Patch, Vendor Advisory)
- http://secunia.com/advisories/19130 (Vendor Advisory)
- http://secunia.com/advisories/19249 (Vendor Advisory)
- http://secunia.com/advisories/19532 (Vendor Advisory)
- http://www.gentoo.org/security/en/glsa/glsa-200602-10.xml (Patch, Vendor Advisory)
FAQ
What is CVE-2006-0455?
CVE-2006-0455 is a vulnerability with a CVSS score of 4.6 (MEDIUM). gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause p...
How severe is CVE-2006-0455?
CVE-2006-0455 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-0455?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Privacy Guard.