|
|
Info |
Last Modified |
| about 1 year ago |
|
|
|
|
|
Description |
Gnu Privacy Guard contains a flaw that may allow a malicious user to inject unsigned data into a signed message. The issue is triggered when unsigned PGP packets are prepended or appended to legitimately signed packet streams. It is possible that the flaw may allow injected data to appear signed resulting in a loss of integrity.
|
|
Classification |
Location:
Local Access Required
Attack Type:
Cryptographic
Impact:
Loss of Integrity
Exploit:
Exploit Unknown
Disclosure:
OSVDB Verified
|
|
Solution |
Upgrade to version 1.4.2.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
|
|
Products |
|
GNU Privacy Guard
 |
1.4.2.1 |
|
|
|
|
|
|
Credit |
- Gentoo Linux Security Auditing Team - Gentoo Linux Security Auditing Team
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|