Vulnerability Name:

CVE-2007-1266 (CCN-32925)

Assigned: 2007-03-05
Published: 2007-03-05
Updated: 2018-10-16
Summary: Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
CVSS v3 Severity: 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): High
Availability (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
5.4 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:C/A:N)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:C/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Complete
Availability (A): None
Vulnerability Type: CWE-Other
Vulnerability Consequences: Bypass Security
References:
Source: MITRE
Type: CNA
CVE-2007-1263

Source: MITRE
Type: CNA
CVE-2007-1264

Source: MITRE
Type: CNA
CVE-2007-1265

Source: MITRE
Type: CNA
CVE-2007-1266

Source: MITRE
Type: CNA
CVE-2007-1267

Source: MITRE
Type: CNA
CVE-2007-1268

Source: MITRE
Type: CNA
CVE-2007-1269

Source: CCN
Type: Enigmail Web site
mozdev.org - enigmail: index

Source: CCN
Type: KMail Web site
Kontact Homepage - KMail: Kontact Mail

Source: CCN
Type: GnuPG-Users Mailing List, Tue Mar 6 09:02:45 CET 2007
Multiple Messages Problem in GnuPG and GPGME

Source: MLIST
Type: UNKNOWN
[gnupg-users] 20070306 [Announce] Multiple Messages Problem in GnuPG and GPGME

Source: CCN
Type: RHSA-2007-0106
Important: gnupg security update

Source: CCN
Type: RHSA-2007-0107
Important: gnupg security update

Source: CCN
Type: SA24412
Evolution "--status-fd" Incorrect GnuPG Usage

Source: SECUNIA
Type: UNKNOWN
24412

Source: CCN
Type: SA24413
KMail "--status-fd" Incorrect GnuPG Usage

Source: CCN
Type: SA24414
Sylpheed "--status-fd" Incorrect GnuPG Usage

Source: CCN
Type: SA24415
Mutt "--status-fd" Incorrect GnuPG Usage

Source: CCN
Type: SA24416
Enigmail "--status-fd" Incorrect GnuPG Usage

Source: CCN
Type: SA24417
GNUMail "--status-fd" Incorrect GnuPG Usage

Source: CCN
Type: SA24875
Avaya Products Incorrect GnuPG Usage

Source: SREASON
Type: UNKNOWN
2353

Source: CCN
Type: SECTRACK ID: 1017727
GnuPG and Several E-mail Clients Let Remote Users Inject Unsigned Data into Signed Messages

Source: CCN
Type: ASA-2007-144
gnupg security update (RHSA-2007-0106)

Source: CCN
Type: Sylpheed Web site
Sylpheed - lightweight and user-friendly e-mail client -

Source: CCN
Type: GNUMail Web site
collaboration-world > GNUMail

Source: MISC
Type: Exploit, Patch, Vendor Advisory
http://www.coresecurity.com/?action=item&id=1687

Source: CCN
Type: Core Security Technologies - CoreLabs Advisory CORE-2007-0115
GnuPG and GnuPG clients unsigned data injection vulnerability

Source: DEBIAN
Type: DSA-1266
gnupg -- several vulnerabilities

Source: CCN
Type: Evolution Web site
Evolution

Source: CCN
Type: GnuPG Web site
Download - GnuPG.org

Source: CCN
Type: GPGME Web site
GPGME - GnuPG.org

Source: CCN
Type: Mutt Web site
The Mutt E-Mail Client

Source: CCN
Type: OSVDB ID: 33502
Multiple Mail Client --status-fd GnuPG Invocation Spoofed Content Weakness

Source: BUGTRAQ
Type: UNKNOWN
20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability

Source: CCN
Type: BID-22757
GnuPG Signed Message Arbitrary Content Injection Weakness

Source: CCN
Type: BID-22758
Enigmail GnuPG Arbitrary Content Injection Vulnerability

Source: CCN
Type: BID-22759
KMail GnuPG Arbitrary Content Injection Vulnerability

Source: BID
Type: UNKNOWN
22760

Source: CCN
Type: BID-22760
Gnome Evolution GnuPG Arbitrary Content Injection Vulnerability

Source: CCN
Type: BID-22777
Sylpheed GnuPG Arbitrary Content Injection Vulnerability

Source: CCN
Type: BID-22778
Mutt GnuPG Arbitrary Content Injection Vulnerability

Source: CCN
Type: BID-22779
GNUMail.App GnuPG Arbitrary Content Injection Vulnerability

Source: SECTRACK
Type: UNKNOWN
1017727

Source: CCN
Type: USN-432-1
GnuPG vulnerability

Source: CCN
Type: USN-432-2
GnuPG2

Source: VUPEN
Type: UNKNOWN
ADV-2007-0835

Source: XF
Type: UNKNOWN
gnupg-multiple-statusfd-security-bypass(32925)

Source: SUSE
Type: SUSE-SA:2007:024
gpg signature bypassing

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:gnome:evolution:*:*:*:*:*:*:*:* (Version <= 2.8.1)

Configuration CCN 1:
  • cpe:/a:gnu:privacy_guard:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:privacy_guard:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:privacy_guard:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:privacy_guard:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:privacy_guard:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:privacy_guard:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:privacy_guard:1.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:privacy_guard:1.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:privacy_guard:1.4.5:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:evolution:2.8.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.4.6:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gpgme:1.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:privacy_guard:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:privacy_guard:1.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:privacy_guard:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:privacy_guard:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:privacy_guard:1.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:privacy_guard:1.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:privacy_guard:1.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:privacy_guard:1.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:privacy_guard:1.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:privacy_guard:1.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:privacy_guard:1.4:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:privacy_guard:1.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:privacy_guard:1.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:privacy_guard:1.4.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:privacy_guard:1.4.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:privacy_guard:1.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:privacy_guard:1.4.4:*:*:*:*:*:*:*
  • AND
  • cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_school_server:-:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    gnome evolution *
    gnu privacy guard 1.0
    gnu privacy guard 1.0.1
    gnu privacy guard 1.0.2
    gnu privacy guard 1.0.3
    gnu privacy guard 1.0.4
    gnu privacy guard 1.0.5
    gnu privacy guard 1.2.3
    gnu privacy guard 1.3.3
    gnu privacy guard 1.4.5
    gnome evolution 2.8.1
    gnupg gnupg 1.4.6
    gnu gpgme 1.1.3
    gnu privacy guard 1.0.6
    gnu privacy guard 1.0.7
    gnu privacy guard 1.2
    gnu privacy guard 1.2.1
    gnu privacy guard 1.2.2
    gnu privacy guard 1.2.4
    gnu privacy guard 1.2.5
    gnu privacy guard 1.2.6
    gnu privacy guard 1.2.7
    gnu privacy guard 1.3.4
    gnu privacy guard 1.4
    gnu privacy guard 1.4.1
    gnu privacy guard 1.4.2
    gnu privacy guard 1.4.2.1
    gnu privacy guard 1.4.2.2
    gnu privacy guard 1.4.3
    gnu privacy guard 1.4.4
    suse linux enterprise server 8
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    suse suse linux school server -
    redhat enterprise linux 3
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    novell linux desktop 9
    redhat enterprise linux 4
    redhat enterprise linux 4
    debian debian linux 3.1
    novell open enterprise server *
    mandrakesoft mandrake multi network firewall 2.0
    suse suse linux 10.0
    redhat linux advanced workstation 2.1
    mandrakesoft mandrake linux 2006
    canonical ubuntu 6.06
    suse suse linux 10.1
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 5
    redhat enterprise linux 5
    redhat enterprise linux 5
    novell open enterprise server *
    novell opensuse 10.2
    suse suse linux 9.3