CVE-2012-6581 Information

Description

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8 when GnuPG is enabled allows remote attackers to bypass intended restrictions on reading keys in the product’s keyring and trigger outbound e-mail messages signed by an arbitrary stored secret key by leveraging a UI e-mail signing privilege.

Reference

http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html