42085 – (CVE-2003-0255) VUL-0: CVE-2003-0255: gnupg key validation problem

Bug 42085 (CVE-2003-0255) - VUL-0: CVE-2003-0255: gnupg key validation problem

Summary: VUL-0: CVE-2003-0255: gnupg key validation problem

Status:	RESOLVED DUPLICATE of bug 42242

Alias:	CVE-2003-0255

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	All Linux

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Kurt Garloff
QA Contact:	Security Team bot

URL:
Whiteboard:	CVE-2003-0255: CVSS v2 Base Score: 10...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2003-05-23 17:07 UTC by Marcus Meissner
Modified:	2021-10-03 13:27 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2003-05-23 17:07:48 UTC

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0255 
 
The key validation code in GnuPG before 1.2.2 does not properly determine the validity 
of keys with multiple user IDs and assigns the greatest validity of the most valid user 
ID, which prevents GnuPG from warning the encrypting user when a user ID does not 
have a trusted path.

Comment 1 Marcus Meissner 2003-05-23 17:07:48 UTC

<!-- SBZ_reproduce  -->
no clue.

Comment 2 Marcus Meissner 2003-05-28 21:14:50 UTC

PING. Garloff was on vacation, back next Monday...

Comment 3 Kurt Garloff 2003-07-10 21:24:37 UTC


*** This bug has been marked as a duplicate of 42242 ***

Comment 4 Thomas Biege 2009-10-13 19:34:38 UTC

CVE-2003-0255: CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)