CVE-2007-1267
Summary
| CVE | CVE-2007-1267 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2007-03-06 20:19:00 UTC |
| Updated | 2018-10-16 16:37:00 UTC |
| Description | Sylpheed 2.2.7 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Sylpheed from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| Sylpheed "--status-fd" Incorrect GnuPG Usage - Advisories - Secunia | SECUNIA | secunia.com | |
| Core Security | CoreLabs | MISC | www.coresecurity.com | Exploit, Vendor Advisory |
| Webmail - OVH | VUPEN | www.vupen.com | |
| GnuPG and GnuPG clients unsigned data injection vulnerability - CXSecurity.com | SREASON | securityreason.com | |
| [Announce] Multiple Messages Problem in GnuPG and GPGME | MLIST | lists.gnupg.org | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| Sylpheed GnuPG Arbitrary Content Injection Vulnerability | BID | www.securityfocus.com | |
| GnuPG and Several E-mail Clients Let Remote Users Inject Unsigned Data into Signed Messages - SecurityTracker | SECTRACK | www.securitytracker.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.