Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.57219
Category:Ubuntu Local Security Checks
Title:Ubuntu USN-332-1 (gnupg)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to gnupg
announced via advisory USN-332-1.

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

Evgeny Legerov discovered that gnupg did not sufficiently check the
validity of the comment and a control field. Specially crafted GPG
data could cause a buffer overflow. This could be exploited to execute
arbitrary code with the user's privileges if an attacker can trick an
user into processing a malicious encrypted/signed document with gnupg.

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
gnupg 1.2.5-3ubuntu5.5

Ubuntu 5.10:
gnupg 1.4.1-1ubuntu1.4

Ubuntu 6.06 LTS:
gnupg 1.4.2.2-1ubuntu2.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-332-1

Risk factor : Medium

CVSS Score:
5.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-3746
BugTraq ID: 19110
http://www.securityfocus.com/bid/19110
Bugtraq: 20060802 rPSA-2006-0143-1 gnupg (Google Search)
http://www.securityfocus.com/archive/1/442012/100/0/threaded
Bugtraq: 20060808 ERRATA: [ GLSA 200608-08 ] GnuPG: Integer overflow vulnerability (Google Search)
http://www.securityfocus.com/archive/1/442621/100/100/threaded
Debian Security Information: DSA-1140 (Google Search)
http://www.debian.org/security/2006/dsa-1140
Debian Security Information: DSA-1141 (Google Search)
http://www.debian.org/security/2006/dsa-1141
http://security.gentoo.org/glsa/glsa-200608-08.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:141
http://bugs.debian.org/cgi-bin/bugreport.cgi/gnupg.CVE-2006-3746.diff?bug=381204;msg=15;att=1
http://issues.rpath.com/browse/RPL-560
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200502
http://lists.immunitysec.com/pipermail/dailydave/2006-July/003354.html
http://www.gossamer-threads.com/lists/gnupg/devel/37623
http://www.osvdb.org/27664
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11347
http://www.redhat.com/support/errata/RHSA-2006-0615.html
http://securitytracker.com/id?1016622
http://secunia.com/advisories/21297
http://secunia.com/advisories/21300
http://secunia.com/advisories/21306
http://secunia.com/advisories/21326
http://secunia.com/advisories/21329
http://secunia.com/advisories/21333
http://secunia.com/advisories/21346
http://secunia.com/advisories/21351
http://secunia.com/advisories/21378
http://secunia.com/advisories/21467
http://secunia.com/advisories/21522
http://secunia.com/advisories/21524
http://secunia.com/advisories/21598
SGI Security Advisory: 20060801-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
SuSE Security Announcement: SUSE-SR:2006:020 (Google Search)
http://www.novell.com/linux/security/advisories/2006_20_sr.html
http://lwn.net/Alerts/194228/
http://www.ubuntu.com/usn/usn-332-1
http://www.vupen.com/english/advisories/2006/3123
XForce ISS Database: gnupg-parsecomment-bo(28220)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28220
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.