Gerardo Richarte

Name of the Vulnerable Software and Affected Versions: GnuPG versions 1.0.7 through 1.2.6 GnuPG versions 1.4.6 and earlier Description: The issue may lead to a breach of confidentiality, integrity, and availability of protected information. It can be exploited remotely. The problem is related to the visual distinction of signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection. Recommendations: For GnuPG versions 1.0.7 through 1.2.6, update to a version later than 1.2.6 to resolve the issue. For GnuPG versions 1.4.6 and earlier, update to a version later than 1.4.6 to resolve the issue. As a temporary workaround, consider visually verifying the authenticity of OpenPGP messages to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** KMail versions 1.9.5 and earlier **Description** The issue prevents KMail from properly distinguishing between signed and unsigned portions of OpenPGP messages with multiple components. This allows remote attackers to forge the contents of a message without detection, as KMail does not correctly utilize the --status-fd argument when invoking GnuPG. **Recommendations** For versions 1.9.5 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Evolution versions 2.8.1 and earlier **Description** The issue prevents Evolution from properly distinguishing between signed and unsigned portions of OpenPGP messages with multiple components. This allows remote attackers to forge the contents of a message without detection. **Recommendations** For Evolution versions 2.8.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNUMail versions 1.1.2 and earlier **Description** The issue prevents GNUMail from properly distinguishing between signed and unsigned portions of OpenPGP messages with multiple components. This allows remote attackers to forge the contents of a message without detection. **Recommendations** For versions 1.1.2 and earlier, update to a version that properly handles the --status-fd argument when invoking GnuPG to prevent message forgery.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows NT 4.0 Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 **Description** A denial of service issue exists due to the way the Server service handles certain network messages. This can be exploited by sending a specially crafted network message, potentially causing the system to crash. The issue is related to the `ExecuteTransaction` function and the handling of SMB messages without null character termination, which can lead to a NULL dereference. **Recommendations** For Microsoft Windows NT 4.0, consider disabling the Server service until a patch is available. For Microsoft Windows 2000, restrict access to the Server service to minimize the risk of exploitation. For Microsoft Windows XP, avoid using the Server service for critical operations until the issue is resolved. For Microsoft Windows Server 2003, consider implementing network message filtering to block specially crafted messages.