Test ID:	1.3.6.1.4.1.25623.1.0.56400
Category:	Debian Local Security Checks
Title:	Debian Security Advisory DSA 993-1 (gnupg)
Summary:	The remote host is missing an update to gnupg announced via advisory DSA 993-1. Tavis Ormandy noticed that gnupg, the GNU privacy guard - a free PGP replacement, can be tricked to emit a good signature status message when a valid signature is included which does not belong to the data packet. The old stable distribution (woody) is not affected by this problem.;; This VT has been deprecated and merged into the VT 'Debian: Security Advisory (DSA-993)' (OID: 1.3.6.1.4.1.25623.1.0.56404).
Description:	Summary: The remote host is missing an update to gnupg announced via advisory DSA 993-1. Tavis Ormandy noticed that gnupg, the GNU privacy guard - a free PGP replacement, can be tricked to emit a good signature status message when a valid signature is included which does not belong to the data packet. The old stable distribution (woody) is not affected by this problem. This VT has been deprecated and merged into the VT 'Debian: Security Advisory (DSA-993)' (OID: 1.3.6.1.4.1.25623.1.0.56404). Solution: For the stable distribution (sarge) this problem has been fixed in version 1.4.1-1.sarge3. For the unstable distribution (sid) this problem has been fixed in version 1.4.2.2-1. We recommend that you upgrade your gnupg package. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-0049 BugTraq ID: 17058 http://www.securityfocus.com/bid/17058 Bugtraq: 20060309 GnuPG does not detect injection of unsigned data (Google Search) http://www.securityfocus.com/archive/1/427324/100/0/threaded Debian Security Information: DSA-993 (Google Search) http://www.debian.org/security/2006/dsa-993 http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html http://www.securityfocus.com/archive/1/433931/100/0/threaded http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:055 http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html http://www.osvdb.org/23790 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10063 http://www.redhat.com/support/errata/RHSA-2006-0266.html http://securitytracker.com/id?1015749 http://secunia.com/advisories/19173 http://secunia.com/advisories/19197 http://secunia.com/advisories/19203 http://secunia.com/advisories/19231 http://secunia.com/advisories/19232 http://secunia.com/advisories/19234 http://secunia.com/advisories/19244 http://secunia.com/advisories/19249 http://secunia.com/advisories/19287 http://secunia.com/advisories/19532 SGI Security Advisory: 20060401-01-U ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.476477 http://securityreason.com/securityalert/450 http://securityreason.com/securityalert/568 SuSE Security Announcement: SUSE-SA:2006:014 (Google Search) http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html http://www.trustix.org/errata/2006/0014 https://usn.ubuntu.com/264-1/ http://www.vupen.com/english/advisories/2006/0915 XForce ISS Database: gnupg-nondetached-sig-verification(25184) https://exchange.xforce.ibmcloud.com/vulnerabilities/25184
Copyright	Copyright (C) 2008 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.