ID de Prueba:	1.3.6.1.4.1.25623.1.0.56391
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: gnupg
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: gnupg CVE-2006-0049 gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-0049 BugTraq ID: 17058 http://www.securityfocus.com/bid/17058 Bugtraq: 20060309 GnuPG does not detect injection of unsigned data (Google Search) http://www.securityfocus.com/archive/1/427324/100/0/threaded Debian Security Information: DSA-993 (Google Search) http://www.debian.org/security/2006/dsa-993 http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html http://www.securityfocus.com/archive/1/433931/100/0/threaded http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:055 http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html http://www.osvdb.org/23790 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10063 http://www.redhat.com/support/errata/RHSA-2006-0266.html http://securitytracker.com/id?1015749 http://secunia.com/advisories/19173 http://secunia.com/advisories/19197 http://secunia.com/advisories/19203 http://secunia.com/advisories/19231 http://secunia.com/advisories/19232 http://secunia.com/advisories/19234 http://secunia.com/advisories/19244 http://secunia.com/advisories/19249 http://secunia.com/advisories/19287 http://secunia.com/advisories/19532 SGI Security Advisory: 20060401-01-U ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.476477 http://securityreason.com/securityalert/450 http://securityreason.com/securityalert/568 SuSE Security Announcement: SUSE-SA:2006:014 (Google Search) http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html http://www.trustix.org/errata/2006/0014 https://usn.ubuntu.com/264-1/ http://www.vupen.com/english/advisories/2006/0915 XForce ISS Database: gnupg-nondetached-sig-verification(25184) https://exchange.xforce.ibmcloud.com/vulnerabilities/25184
Copyright	Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.