CVSS2 base score: 7.5 (High)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |

EPSS: 0.018 (Low), percentile 88.0%
There is a format string vulnerability in GNU Privacy Guard. By sending a GPG message with a carefully crafted malicious filename, an attacker may be able to execute arbitrary code as the user who decrypts the message.
GNU Privacy Guard (GPG) is a free, RFC2440 compliant replacement for Pretty Good Privacy (PGP).
A format string vulnerability occurs in the do_get() function in ttyio.c, where GnuPG calls tty_printf() with a user-supplied format string. When GPG encounters a filename with an unknown suffix, and it is not in batch mode, it prompts the user for a new filename to write the decrypted results to. The default value (which is included in the prompt) is the existing filename. Note that the filename is embedded in the encrypted message itself, so safe filenames chosen by the recipient are not sufficient to protect against this attack. If the filename embedded in the message contains printf-style format characters, the message creator may be able to execute arbitrary code as the user who decrypts the message.
An attacker may be able to execute arbitrary code as the user decrypting the message.
Apply a patch from your vendor
GNU Privacy Guard version 1.0.6 corrects this problem. Many vendors have published security advisories and released updated distributions correcting the vulnerability.
Decrypt files in batch mode
Because the vulnerable code is not called when GnuPG is in batch mode, users may be able to work around the vulnerability by specifying --batch on the command line.
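As an added illustration (not code from GnuPG or from this note), the shape of the defect described above beside the corrected call, plus a check a defender can run over the filename a message carries. tty_printf_to, prompt_unsafe, prompt_safe and filename_has_format_directive are hypothetical names; the stand-alone demo uses only "%%" so that the unsafe path stays well defined.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for GnuPG's tty_printf(): printf-style, but writes to a buffer
 * so the prompt can be inspected instead of going to the terminal. */
static void tty_printf_to(char *out, size_t n, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, n, fmt, ap);
    va_end(ap);
}

/* Shape of the pre-1.0.6 defect: the prompt, which already embeds the
 * message-supplied default filename, is passed to tty_printf as the FORMAT,
 * so any conversion directive inside the filename gets interpreted. */
const char *prompt_unsafe(const char *default_name) {
    static char prompt[256], out[256];
    snprintf(prompt, sizeof prompt, "Enter new filename [%s]: ", default_name);
    tty_printf_to(out, sizeof out, prompt);   /* data used as format: the bug */
    return out;
}

/* Corrected shape: constant format, filename passed as an argument, so its
 * bytes are copied verbatim and never parsed as directives. */
const char *prompt_safe(const char *default_name) {
    static char out[256];
    tty_printf_to(out, sizeof out, "Enter new filename [%s]: ", default_name);
    return out;
}

/* Defensive check for a filename taken from an untrusted message: returns 1
 * if it carries a printf conversion directive ("%%" is a literal percent). */
int filename_has_format_directive(const char *name) {
    for (const char *p = name; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }   /* escaped percent, harmless */
        return 1;                              /* %s, %x, %n, ... */
    }
    return 0;
}

int main(void) {
    /* Constructed sample: "%%" is the only directive whose interpretation is
     * well defined with no arguments, so the two outputs differ without UB. */
    const char *name = "report%%.txt";
    printf("unsafe: %s\nsafe:   %s\n", prompt_unsafe(name), prompt_safe(name));
    printf("flagged: %d\n", filename_has_format_directive("report%s.txt"));
    return 0;
}
```

The unsafe prompt collapses "%%" to "%", showing the filename was consumed as a format; the safe prompt reproduces it byte for byte.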
VU#403051
Updated: December 12, 2001
Affected
Conectiva released an advisory and a fix on 2001-06-07:
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000399
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23403051 Feedback>).
Notified: December 10, 2001 Updated: December 11, 2001
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Debian has published a security advisory on this topic at:
<http://lists.debian.org/debian-security-announce/debian-security-announce-2001/msg00064.html>
Notified: December 10, 2001 Updated: December 11, 2001
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
FreeBSD has published a security advisory on this topic at:
<ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:44.gnupg.asc>
Updated: November 05, 2003
Affected
EnGarde Secure Linux was vulnerable as outlined in our advisory ESA-20010530-01 (May 30, 2001):
<http://www.linuxsecurity.com/advisories/other_advisory-1405.html>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: December 10, 2001
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Immunix has published Immunix OS Security Advisory IMNX-2001-70-023-01 regarding this vulnerability.
Notified: December 10, 2001 Updated: December 11, 2001
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
MandrakeSoft has published a security advisory on this topic at:
<http://www.mandrakesecure.net/en/advisories/2001/MDKSA-2001-053-1.php3?dis=8.1>
Notified: December 10, 2001 Updated: December 11, 2001
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
RedHat has published a security advisory on this topic at:
<http://www.redhat.com/support/errata/RHSA-2001-073.html>
Updated: December 10, 2001
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
SuSE has published a security advisory on this topic at:
<http://lists.suse.com/archive/suse-security-announce/2001-Jun/0000.html>
Notified: December 10, 2001 Updated: December 11, 2001
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Caldera has published a security advisory on this topic at:
<http://www.caldera.com/support/security/advisories/CSSA-2001-020.1.txt>
Updated: December 10, 2001
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Trustix has published a security advisory on this topic at:
<http://www.trustix.org/pipermail/tsl-announce/2001-June/000011.html>
Updated: November 05, 2003
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
TurboLinux has published a security advisory on this topic at:
<http://www.turbolinux.com/pipermail/tl-security-announce/2001-June/000439.html>
Notified: December 10, 2001 Updated: November 05, 2003
Not Affected
Fujitsu’s UXP/V operating system is not affected by the GnuPG format string vulnerability because it does not support the GnuPG package.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: December 10, 2001 Updated: November 05, 2003
Not Affected
We do not ship gnupg.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: December 10, 2001 Updated: December 11, 2001
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Thanks to Fish Stiqz for discovering this vulnerability.
This document was written by Cory F. Cohen.
CVE IDs: | CVE-2001-0522 |
---|---|
Severity Metric: | 21.94 |
Date Public: | |
linuxtoday.com/news_story.php3?ltsn=2001-05-30-015-20-SC-PD
lists.debian.org/debian-security-announce/debian-security-announce-2001/msg00064.html
lists.suse.com/archive/suse-security-announce/2001-Jun/0000.html
www.caldera.com/support/security/advisories/CSSA-2001-020.1.txt
www.gnupg.org/whatsnew.html#rn20010529
www.i.cz/en/onas/tisk4.html
www.mandrakesecure.net/en/advisories/2001/MDKSA-2001-053-1.php3?dis=8.1
www.redhat.com/support/errata/RHSA-2001-073.html
www.securityfocus.com/archive/1/187352
www.securityfocus.com/bid/2797
www.trustix.org/pipermail/tsl-announce/2001-June/000011.html
www.turbolinux.com/pipermail/tl-security-announce/2001-June/000439.html
xforce.iss.net/static/6642.php