07 April 2006 | 3,680 views

Serious Vulnerability/Flaw Found in GPG – GnuPG

Check For Vulnerabilities with Acunetix

Just in case you didn’t read it, found this one in the archives.

A serious problem in the use of GPG to verify digital signatures has been discovered, which also affects the use of gpg in email. It is possible for an attacker to take any signed message and inject extra arbitrary data without affecting the signed status of the message. Depending on how gpg is invoked, it may be possible to output just faked data as several variants of this attack have been discovered. All versions of gnupg prior to 1.4.2.2 are affected, and it is thus recommended to update GnuPG as soon as possible to version 1.4.2.2

The problem is discussed in full here.

This new problem affects the use of *gpg* for verification of signatures which are _not_ detached signatures. The problem also affects verification of signatures embedded in encrypted messages; i.e. standard use of gpg for mails.

Keep it updated.

Advertisements



Recent in Exploits/Vulnerabilities:
- Pinterest Bug Bounty Program Starts Paying
- Rowhammer – DDR3 Exploit – What You Need To Know
- Santoku Linux – Mobile Forensics, Malware Analysis, and App Security Testing LiveCD

Related Posts:
- Just Crypt It – How To Send A File Securely Without Additional Software
- GHOST Vulnerability In glibc – Everything You Need To Know
- w3bfukk0r 0.2 Forced Browsing Tool Released

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 229,917 views
- AJAX: Is your application secure enough? - 119,451 views
- eEye Launches 0-Day Exploit Tracker - 85,214 views

Advertise on Darknet

Comments are closed.