Lucene search

FreeBSD30394651-13E1-11DD-BAB7-0016179B2DD5

HistoryMar 19, 2008 - 12:00 a.m.

gnupg -- memory corruption vulnerability

2008-03-1900:00:00

vuxml.freebsd.org

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.041

Percentile

92.3%

JSON

Secunia reports:

A vulnerability has been reported in GnuPG, which can potentially
be exploited to compromise a vulnerable system.
The vulnerability is caused due to an error when importing keys
with duplicated IDs. This can be exploited to cause a memory
corruption when importing keys via --refresh-keys or --import.
Successful exploitation potentially allows execution of arbitrary
code, but has not been proven yet.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchgnupg= 1.0.0UNKNOWN
FreeBSDanynoarchgnupg< 1.4.9UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	gnupg	= 1.0.0	UNKNOWN
FreeBSD	any	noarch	gnupg	< 1.4.9	UNKNOWN

References

secunia.com/advisories/29568

www.ocert.org/advisories/ocert-2008-1.html

bugs.g10code.com/gnupg/issue894

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.041

Percentile

92.3%

JSON

Related for 30394651-13E1-11DD-BAB7-0016179B2DD5