PT-2013-2032 · Gnu+1 · Gnupg+1

Published

2013-07-24

Updated

2013-07-24

CVE-2012-6578

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Best Practical Solutions RT versions 3.8.x through 3.8.14 Best Practical Solutions RT versions 4.0.x through 4.0.7

Description The issue occurs when GnuPG is enabled with a "Sign by default" queue configuration, allowing the use of a queue's key for signing. This might enable remote attackers to spoof messages by exploiting the lack of authentication semantics.

Recommendations For versions 3.8.x through 3.8.14, update to version 3.8.15 or later. For versions 4.0.x through 4.0.7, update to version 4.0.8 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

CVE-2012-6578

DSA-2567-1

Affected Products

Gnupg

PT-2013-2032 · Gnu+1 · Gnupg+1

CVE-2012-6578

Weakness Enumeration

Related Identifiers

Affected Products

References · 10