OpenPGP Message Forgery Vulnerability in KMail from KDE
CVE-2007-1265

Currently unrated

Key Information:

Vendor

Kde

Status
K-mail
Vendor
CVE Published:
6 March 2007

What is CVE-2007-1265?

KMail versions 1.9.5 and earlier have a flaw in how they handle the --status-fd argument while invoking GnuPG. This issue prevents KMail from effectively distinguishing between signed and unsigned sections of OpenPGP messages containing multiple parts. Consequently, remote attackers can exploit this vulnerability to craft and send modified messages that appear legitimate, evading detection measures and potentially misleading users.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://lists.gnupg.org/pipermail/gnupg-users/2007-March/0...
mailing-listx_refsource_MLIST
http://securityreason.com/securityalert/2353
third-party-advisoryx_refsource_SREASON
http://www.securityfocus.com/archive/1/461958/30/7710/thr...
mailing-listx_refsource_BUGTRAQ

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.