10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.056 Low
EPSS
Percentile
93.2%
A vulnerability in GnuPG could allow a remote attacker to execute arbitrary code on an affected system.
GNU Privacy Guard (GnuPG) is the GNU project’s implementation of the OpenPGP standard as defined by RFC2440.
OpenPGP messages are processed by GnuPG using data structures called filters that are used in a way similar to pipelines in the shell. Context structures that are usually allocated on the stack and passed to the filter functions are used for communications between these filters. Before the context structure gets deallocated, the OpenPGP data stream that is fed into the filters is closed. In some cases, while decrypting encrypted packets, this may not happen and the filter may use a void context structure filled with garbage that is under the attacker’s control. Another context is included in the filter context for use by the low-level decryption. The decryption algorithm is accessed by this context via a function pointer.
According to GnuPG:
_Using malformed OpenPGP packets an attacker is able to modify and dereference a function pointer in GnuPG. _
The GnuPG advisory notes that both encrypted and signed data could be used as attack vectors for this vulnerability.
A remote, unauthenticated attacker with the ability to supply specially crafted OpenPGP packets to a vulnerable version of GnuPG may be able to execute arbitrary code on an affected system. The attacker-supplied code would be executed with the privileges of the user or application invoking gpg
.
Apply a patch or upgrade
Patches have been released to address this issue. Please see the Systems Affected section of this document for more details on specific vendors.
Users who compile GnuPG from the original distribution are encouraged to upgrade to version 1.4.6 (or later) or apply the patch to upgrade from 1.4.5 to 1.4.6.
Run with limited privileges
Running GnuPG with reduced privileges may help mitigate the effects of this vulnerability. Note that this workaround will not prevent exploitation.
427009
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: December 18, 2006 Updated: December 21, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Refer to Debian Security Advisory dsa-1231.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23427009 Feedback>).
Notified: December 18, 2006 Updated: December 21, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Refer to Gentoo Linux Security Advisory GLSA 200612-03.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23427009 Feedback>).
Notified: December 07, 2006 Updated: December 07, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The GnuPG development team has published GnuPG version 1.4.6 in response to this issue. Users who compile GnuPG from the original distribution are encouraged to upgrade to this version (or later) or apply the patch to upgrade from 1.4.5 to 1.4.6.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23427009 Feedback>).
Notified: December 18, 2006 Updated: December 18, 2006
Affected
Mandriva has correct this issue with updated packages via advisory MDKSA-2006:228 (<http://www.mandriva.com/security/advisories?name=MDKSA-2006:228>)
The vendor has not provided us with any further information regarding this vulnerability.
Updated: December 21, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Refer to OpenPKG Security Advisory 2006.037.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23427009 Feedback>).
Notified: December 18, 2006 Updated: December 18, 2006
Affected
We have fixed this GnuPG vulnerability in Openwall GNU/*/Linux current as of 2006/12/06 and in 2.0-stable as of 2006/12/07.
The vendor has not provided us with any further information regarding this vulnerability.
Updated: December 07, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Red Hat has published Red Hat Security Advisory RHSA-2006:0754 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23427009 Feedback>).
Notified: December 18, 2006 Updated: December 19, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Refer to SUSE Security Summary Report SUSE-SR:2006:028.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23427009 Feedback>).
Updated: December 21, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The Slackware security team has published Slackware Security Advisory SSA:2006-340-01 in response to this issue. Users are encouraged to review this response and apply the patches it refers to.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23427009 Feedback>).
Updated: December 11, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see Trustix Secure Linux Security Advisory #2006-0070 for more information.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23427009 Feedback>).
Updated: December 07, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The Ubuntu security team has published Ubuntu Security Notice USN-393-1 in response to this issue. Users are encouraged to review this notice and apply the patches it refers to.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23427009 Feedback>).
Updated: December 07, 2006
Affected
`rPath Security Advisory: 2006-0227-1
Published: 2006-12-06
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
Indirect Deterministic Privilege Escalation
Updated Versions:
gnupg=/conary.rpath.com@rpl:devel//1/1.4.6-0.1-
References:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6235>
<https://issues.rpath.com/browse/RPL-835>
Description:
Previous versions of the gnupg package will execute attacker-provided
code found in intentionally malformed OpenPGP packets. This allows an
attacker to run arbitrary code as the user invoking gpg on the file
that contains the malformed packets.`
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 18, 2006 Updated: December 18, 2006
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 18, 2006 Updated: December 21, 2006
Not Affected
Sun does not ship GnuPG with Solaris and thus Solaris is not directly impacted by this issue. If a vulnerable version of GnuPG has been built and/or installed on a Solaris system then GnuPG will need to be updated to address this issue.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 18, 2006 Updated: December 18, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 18, 2006 Updated: December 18, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 18, 2006 Updated: December 18, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 18, 2006 Updated: December 18, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 18, 2006 Updated: December 18, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 18, 2006 Updated: December 18, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 18, 2006 Updated: December 18, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 18, 2006 Updated: December 18, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 18, 2006 Updated: December 18, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 18, 2006 Updated: December 18, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 18, 2006 Updated: December 18, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 18, 2006 Updated: December 18, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 18, 2006 Updated: December 18, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 18, 2006 Updated: December 18, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 18, 2006 Updated: December 18, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 18, 2006 Updated: December 18, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 18, 2006 Updated: December 18, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 18, 2006 Updated: December 18, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 18, 2006 Updated: December 18, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 18, 2006 Updated: December 18, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 18, 2006 Updated: December 18, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 18, 2006 Updated: December 18, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 18, 2006 Updated: December 18, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 18, 2006 Updated: December 18, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 18, 2006 Updated: December 18, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 18, 2006 Updated: December 18, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 18, 2006 Updated: December 18, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 18, 2006 Updated: December 18, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 18, 2006 Updated: December 18, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
View all 43 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This issue was publicly reported by Werner Koch of the GnuPG project who, in turn, credits Tavis Ormandy of the Gentoo Security Team with its discovery.
This document was written by Chad R Dougherty and Chris Taschner.
CVE IDs: | CVE-2006-6235 |
---|---|
Severity Metric: | 9.11 Date Public: |
lists.gnupg.org/pipermail/gnupg-announce/2006q4/000245.html
lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html
secunia.com/advisories/23245/
secunia.com/advisories/23250/
secunia.com/advisories/23259/
secunia.com/advisories/23269/
secunia.com/advisories/23284/
secunia.com/advisories/23290/
secunia.com/advisories/23299/
secunia.com/advisories/23303/
secunia.com/advisories/23329/
secunia.com/advisories/24047/