OpenPGP Message Forgery Vulnerability in KMail from KDE
CVE-2007-1265
Currently unrated
What is CVE-2007-1265?
KMail versions 1.9.5 and earlier have a flaw in how they handle the --status-fd argument when invoking GnuPG. Because of this flaw, KMail cannot effectively distinguish between the signed and unsigned sections of OpenPGP messages that contain multiple parts. A remote attacker can exploit this to craft and send a modified message that appears legitimate, so the forgery goes undetected and can mislead the recipient.
