Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2003:061 (gnupg)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50720

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2003:061 (gnupg)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to gnupg
announced via advisory MDKSA-2003:061.

A bug was discovered in GnuPG versions 1.2.1 and earlier. When gpg
evaluates trust values for different UIDs assigned to a key, it would
incorrectly associate the trust value of the UID with the highest
trust value with every other UID assigned to that key. This prevents
a warning message from being given when attempting to encrypt to an
invalid UID, but due to the bug, is accepted as valid.

Patches have been applied for version 1.0.7 and all users are
encouraged to upgrade.

Affected versions: 8.2, 9.0, 9.1, Corporate Server 2.1,
Multi Network Firewall 8.2

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2003:061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0255
http://lists.gnupg.org/pipermail/gnupg-announce/2003q2/000268.html

Risk factor : Critical

CVSS Score:
10.0

Referencia Cruzada: BugTraq ID: 7497
Common Vulnerability Exposure (CVE) ID: CVE-2003-0255
http://www.securityfocus.com/bid/7497
Bugtraq: 20030504 Key validity bug in GnuPG 1.2.1 and earlier (Google Search)
http://marc.info/?l=bugtraq&m=105215110111174&w=2
Bugtraq: 20030516 [OpenPKG-SA-2003.029] OpenPKG Security Advisory (gnupg) (Google Search)
http://marc.info/?l=bugtraq&m=105311804129104&w=2
Bugtraq: 20030522 [slackware-security] GnuPG key validation fix (SSA:2003-141-04) (Google Search)
http://marc.info/?l=bugtraq&m=105362224514081&w=2
CERT/CC vulnerability note: VU#397604
http://www.kb.cert.org/vuls/id/397604
Conectiva Linux advisory: CLA-2003:694
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000694
En Garde Linux Advisory: 20030515-016
http://www.linuxsecurity.com/advisories/engarde_advisory-3258.html
En Garde Linux Advisory: ESA-20030515-016
http://marc.info/?l=bugtraq&m=105301357425157&w=2
http://www.mandriva.com/security/advisories?name=MDKSA-2003:061
http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html
http://www.osvdb.org/4947
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A135
http://www.redhat.com/support/errata/RHSA-2003-175.html
http://www.redhat.com/support/errata/RHSA-2003-176.html
SCO Security Bulletin: CSSA-2003-034.0
TurboLinux Advisory: TLSA200334
http://www.turbolinux.com/security/TLSA-2003-34.txt
XForce ISS Database: gnupg-invalid-key-acceptance(11930)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11930

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50720
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2003:061 (gnupg)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to gnupg announced via advisory MDKSA-2003:061. A bug was discovered in GnuPG versions 1.2.1 and earlier. When gpg evaluates trust values for different UIDs assigned to a key, it would incorrectly associate the trust value of the UID with the highest trust value with every other UID assigned to that key. This prevents a warning message from being given when attempting to encrypt to an invalid UID, but due to the bug, is accepted as valid. Patches have been applied for version 1.0.7 and all users are encouraged to upgrade. Affected versions: 8.2, 9.0, 9.1, Corporate Server 2.1, Multi Network Firewall 8.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2003:061 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0255 http://lists.gnupg.org/pipermail/gnupg-announce/2003q2/000268.html Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	BugTraq ID: 7497 Common Vulnerability Exposure (CVE) ID: CVE-2003-0255 http://www.securityfocus.com/bid/7497 Bugtraq: 20030504 Key validity bug in GnuPG 1.2.1 and earlier (Google Search) http://marc.info/?l=bugtraq&m=105215110111174&w=2 Bugtraq: 20030516 [OpenPKG-SA-2003.029] OpenPKG Security Advisory (gnupg) (Google Search) http://marc.info/?l=bugtraq&m=105311804129104&w=2 Bugtraq: 20030522 [slackware-security] GnuPG key validation fix (SSA:2003-141-04) (Google Search) http://marc.info/?l=bugtraq&m=105362224514081&w=2 CERT/CC vulnerability note: VU#397604 http://www.kb.cert.org/vuls/id/397604 Conectiva Linux advisory: CLA-2003:694 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000694 En Garde Linux Advisory: 20030515-016 http://www.linuxsecurity.com/advisories/engarde_advisory-3258.html En Garde Linux Advisory: ESA-20030515-016 http://marc.info/?l=bugtraq&m=105301357425157&w=2 http://www.mandriva.com/security/advisories?name=MDKSA-2003:061 http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html http://www.osvdb.org/4947 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A135 http://www.redhat.com/support/errata/RHSA-2003-175.html http://www.redhat.com/support/errata/RHSA-2003-176.html SCO Security Bulletin: CSSA-2003-034.0 TurboLinux Advisory: TLSA200334 http://www.turbolinux.com/security/TLSA-2003-34.txt XForce ISS Database: gnupg-invalid-key-acceptance(11930) https://exchange.xforce.ibmcloud.com/vulnerabilities/11930
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com