Search...

Debian DSA-1140-1 : gnupg - integer overflow

2006-10-14T00:00:00

ID DEBIAN_DSA-1140.NASL
Type nessus
Reporter This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.
Modified 2006-10-14T00:00:00

Description

Evgeny Legerov discovered that overly large comments can crash gnupg, the GNU privacy guard - a free PGP replacement.

                                        
                                            #%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-1140. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(22682);
  script_version("1.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2006-3746");
  script_bugtraq_id(19110);
  script_xref(name:"DSA", value:"1140");

  script_name(english:"Debian DSA-1140-1 : gnupg - integer overflow");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Evgeny Legerov discovered that overly large comments can crash gnupg,
the GNU privacy guard - a free PGP replacement."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=381204"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2006/dsa-1140"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the gnupg package.

For the stable distribution (sarge) this problem has been fixed in
version 1.4.1-1.sarge5."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gnupg");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/08/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
  script_set_attribute(attribute:"vuln_publication_date", value:"2006/07/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.1", prefix:"gnupg", reference:"1.4.1-1.sarge5")) flag++;

if (flag)
{
  if (report_verbosity &gt; 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

JSON Vulners Source

Initial Source

{"id": "DEBIAN_DSA-1140.NASL", "bulletinFamily": "scanner", "title": "Debian DSA-1140-1 : gnupg - integer overflow", "description": "Evgeny Legerov discovered that overly large comments can crash gnupg,\nthe GNU privacy guard - a free PGP replacement.", "published": "2006-10-14T00:00:00", "modified": "2006-10-14T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://www.tenable.com/plugins/nessus/22682", "reporter": "This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.", "references": ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=381204", "http://www.debian.org/security/2006/dsa-1140"], "cvelist": ["CVE-2006-3746"], "type": "nessus", "lastseen": "2021-01-06T09:44:40", "edition": 25, "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-3746"]}, {"type": "openvas", "idList": ["OPENVAS:861323", "OPENVAS:57210", "OPENVAS:57209", "OPENVAS:57858", "OPENVAS:136141256231065347", "OPENVAS:65347"]}, {"type": "gentoo", "idList": ["GLSA-200608-08"]}, {"type": "osvdb", "idList": ["OSVDB:27664"]}, {"type": "centos", "idList": ["CESA-2006:0615", "CESA-2006:0615-01"]}, {"type": "exploitdb", "idList": ["EDB-ID:28257"]}, {"type": "ubuntu", "idList": ["USN-332-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1140-1:CEB67", "DEBIAN:DSA-1141-1:3E264"]}, {"type": "oraclelinux", "idList": ["ELSA-2006-0615"]}, {"type": "redhat", "idList": ["RHSA-2006:0615"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2006-0615.NASL", "REDHAT-RHSA-2006-0615.NASL", "ORACLELINUX_ELSA-2006-0615.NASL", "SUSE_GPG-1955.NASL", "UBUNTU_USN-332-1.NASL", "SUSE_GPG2-1956.NASL", "SUSE_GPG-1959.NASL", "MANDRAKE_MDKSA-2006-141.NASL", "DEBIAN_DSA-1141.NASL", "GENTOO_GLSA-200608-08.NASL"]}, {"type": "fedora", "idList": ["FEDORA:L2CJFWF6006929"]}], "modified": "2021-01-06T09:44:40", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2021-01-06T09:44:40", "rev": 2}, "vulnersScore": 6.3}, "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1140. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22682);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-3746\");\n script_bugtraq_id(19110);\n script_xref(name:\"DSA\", value:\"1140\");\n\n script_name(english:\"Debian DSA-1140-1 : gnupg - integer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Evgeny Legerov discovered that overly large comments can crash gnupg,\nthe GNU privacy guard - a free PGP replacement.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=381204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1140\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the gnupg package.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 1.4.1-1.sarge5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gnupg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"gnupg\", reference:\"1.4.1-1.sarge5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "pluginID": "22682", "cpe": ["cpe:/o:debian:debian_linux:3.1", "p-cpe:/a:debian:debian_linux:gnupg"], "scheme": null}

{"cve": [{"lastseen": "2020-10-03T11:48:16", "description": "Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message.", "edition": 3, "cvss3": {}, "published": "2006-07-28T21:04:00", "title": "CVE-2006-3746", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3746"], "modified": "2018-10-17T21:29:00", "cpe": ["cpe:/a:gnupg:gnupg:1.4.4"], "id": "CVE-2006-3746", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3746", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:gnupg:gnupg:1.4.4:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-18T01:46:31", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3746"], "description": "Evgeny Legerov discovered that gnupg did not sufficiently check the \nvalidity of the comment and a control field. Specially crafted GPG \ndata could cause a buffer overflow. This could be exploited to execute \narbitrary code with the user's privileges if an attacker can trick an \nuser into processing a malicious encrypted/signed document with gnupg.", "edition": 6, "modified": "2006-08-03T00:00:00", "published": "2006-08-03T00:00:00", "id": "USN-332-1", "href": "https://ubuntu.com/security/notices/USN-332-1", "title": "gnupg vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2017-07-26T08:55:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3746"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n gpg\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021703 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65347", "href": "http://plugins.openvas.org/nasl.php?oid=65347", "type": "openvas", "title": "SLES9: Security update for gpg", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5021703.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for gpg\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n gpg\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021703 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65347);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-3746\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES9: Security update for gpg\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.2.4~68.19\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3746"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n gpg\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021703 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065347", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065347", "type": "openvas", "title": "SLES9: Security update for gpg", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5021703.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for gpg\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n gpg\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021703 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65347\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-3746\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES9: Security update for gpg\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.2.4~68.19\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3746"], "description": "The remote host is missing an update to gnupg\nannounced via advisory DSA 1140-1.\n\nEvgeny Legerov discovered that overly large comments can crash gnupg,\nthe GNU privacy guard - a free PGP replacement.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:57209", "href": "http://plugins.openvas.org/nasl.php?oid=57209", "type": "openvas", "title": "Debian Security Advisory DSA 1140-1 (gnupg)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1140_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1140-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) this problem has been fixed in\nversion 1.4.1-1.sarge5.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.4.5-1.\n\nWe recommend that you upgrade your gnupg package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201140-1\";\ntag_summary = \"The remote host is missing an update to gnupg\nannounced via advisory DSA 1140-1.\n\nEvgeny Legerov discovered that overly large comments can crash gnupg,\nthe GNU privacy guard - a free PGP replacement.\";\n\n\nif(description)\n{\n script_id(57209);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:13:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-3746\");\n script_bugtraq_id(19110);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 1140-1 (gnupg)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"gnupg\", ver:\"1.4.1-1.sarge5\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3746"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200608-08.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:57858", "href": "http://plugins.openvas.org/nasl.php?oid=57858", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200608-08 (gnupg)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"GnuPG is vulnerable to an integer overflow that could lead to the execution\nof arbitrary code.\";\ntag_solution = \"All GnuPG users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '=app-crypt/gnupg-1.4*'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200608-08\nhttp://bugs.gentoo.org/show_bug.cgi?id=142248\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200608-08.\";\n\n \n\nif(description)\n{\n script_id(57858);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-3746\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200608-08 (gnupg)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"app-crypt/gnupg\", unaffected: make_list(\"ge 1.4.5\"), vulnerable: make_list(\"lt 1.4.5\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3746"], "description": "The remote host is missing an update to gnupg2\nannounced via advisory DSA 1141-1.\n\nEvgeny Legerov discovered that overly large comments can crash gnupg,\nthe GNU privacy guard - a free PGP replacement, which is also present\nin the development branch.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:57210", "href": "http://plugins.openvas.org/nasl.php?oid=57210", "type": "openvas", "title": "Debian Security Advisory DSA 1141-1 (gnupg2)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1141_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1141-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) this problem has been fixed in\nversion 1.9.15-6sarge2.\n\nFor the unstable distribution (sid) this problem will be fixed soon.\n\nWe recommend that you upgrade your gnupg2 package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201141-1\";\ntag_summary = \"The remote host is missing an update to gnupg2\nannounced via advisory DSA 1141-1.\n\nEvgeny Legerov discovered that overly large comments can crash gnupg,\nthe GNU privacy guard - a free PGP replacement, which is also present\nin the development branch.\";\n\n\nif(description)\n{\n script_id(57210);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:13:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-3746\");\n script_bugtraq_id(19110);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 1141-1 (gnupg2)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"gnupg-agent\", ver:\"1.9.15-6sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gnupg2\", ver:\"1.9.15-6sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gpgsm\", ver:\"1.9.15-6sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3082", "CVE-2006-6169", "CVE-2006-6235", "CVE-2006-3746"], "description": "Check for the Version of gnupg", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861323", "href": "http://plugins.openvas.org/nasl.php?oid=861323", "type": "openvas", "title": "Fedora Update for gnupg FEDORA-2007-316", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnupg FEDORA-2007-316\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnupg on Fedora Core 5\";\ntag_insight = \"GnuPG (GNU Privacy Guard) is a GNU utility for encrypting data and\n creating digital signatures. GnuPG has advanced key management\n capabilities and is compliant with the proposed OpenPGP Internet\n standard described in RFC2440. Since GnuPG doesn't use any patented\n algorithm, it is not compatible with any version of PGP2 (PGP2.x uses\n only IDEA for symmetric-key encryption, which is patented worldwide).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-March/msg00032.html\");\n script_id(861323);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:23:18 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-316\");\n script_cve_id(\"CVE-2006-6169\", \"CVE-2006-6235\", \"CVE-2006-3746\", \"CVE-2006-3082\");\n script_name( \"Fedora Update for gnupg FEDORA-2007-316\");\n\n script_summary(\"Check for the Version of gnupg\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnupg\", rpm:\"gnupg~1.4.7~1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/gnupg\", rpm:\"x86_64/gnupg~1.4.7~1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/gnupg-debuginfo\", rpm:\"x86_64/debug/gnupg-debuginfo~1.4.7~1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/gnupg-debuginfo\", rpm:\"i386/debug/gnupg-debuginfo~1.4.7~1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/gnupg\", rpm:\"i386/gnupg~1.4.7~1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:21", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3746"], "edition": 1, "description": "### Background\n\nThe GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. \n\n### Description\n\nEvgeny Legerov discovered a vulnerability in GnuPG that when certain packets are handled an integer overflow may occur. \n\n### Impact\n\nBy sending a specially crafted email to a user running an affected version of GnuPG, a remote attacker could possibly execute arbitrary code with the permissions of the user running GnuPG. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll GnuPG users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \"=app-crypt/gnupg-1.4*\"", "modified": "2006-08-08T00:00:00", "published": "2006-08-05T00:00:00", "id": "GLSA-200608-08", "href": "https://security.gentoo.org/glsa/200608-08", "type": "gentoo", "title": "GnuPG: Integer overflow vulnerability", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:24", "bulletinFamily": "software", "cvelist": ["CVE-2006-3746"], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200502\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200608-08.xml)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Aug/0006.html)\n[Vendor Specific Advisory URL](http://www.ubuntu.com/usn/usn-332-1)\n[Vendor Specific Advisory URL](http://www.trustix.org/errata/2006/0044/)\n[Vendor Specific Advisory URL](http://www.mandriva.com/security/advisories?name=MDKSA-2006:141)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P.asc)\n[Secunia Advisory ID:21329](https://secuniaresearch.flexerasoftware.com/advisories/21329/)\n[Secunia Advisory ID:21326](https://secuniaresearch.flexerasoftware.com/advisories/21326/)\n[Secunia Advisory ID:21306](https://secuniaresearch.flexerasoftware.com/advisories/21306/)\n[Secunia Advisory ID:21522](https://secuniaresearch.flexerasoftware.com/advisories/21522/)\n[Secunia Advisory ID:21598](https://secuniaresearch.flexerasoftware.com/advisories/21598/)\n[Secunia Advisory ID:21297](https://secuniaresearch.flexerasoftware.com/advisories/21297/)\n[Secunia Advisory ID:21300](https://secuniaresearch.flexerasoftware.com/advisories/21300/)\n[Secunia Advisory ID:21346](https://secuniaresearch.flexerasoftware.com/advisories/21346/)\n[Secunia Advisory ID:21378](https://secuniaresearch.flexerasoftware.com/advisories/21378/)\n[Secunia Advisory ID:21524](https://secuniaresearch.flexerasoftware.com/advisories/21524/)\n[Secunia Advisory ID:21351](https://secuniaresearch.flexerasoftware.com/advisories/21351/)\n[Secunia Advisory ID:21467](https://secuniaresearch.flexerasoftware.com/advisories/21467/)\n[Secunia Advisory ID:21333](https://secuniaresearch.flexerasoftware.com/advisories/21333/)\nRedHat RHSA: RHSA-2006:0615\nOther Advisory URL: https://issues.rpath.com/browse/RPL-560\nOther Advisory URL: http://www.us.debian.org/security/2006/dsa-1141\nOther Advisory URL: http://www.us.debian.org/security/2006/dsa-1140\nOther Advisory URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.445471\nMail List Post: http://archives.neohapsis.com/archives/dailydave/2006-q3/0079.html\n[CVE-2006-3746](https://vulners.com/cve/CVE-2006-3746)\nBugtraq ID: 19110\n", "modified": "2006-07-21T10:04:01", "published": "2006-07-21T10:04:01", "href": "https://vulners.com/osvdb/OSVDB:27664", "id": "OSVDB:27664", "title": "GnuPG parse_comment Function Crafted Message Overflow DoS", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "centos": [{"lastseen": "2019-12-20T18:27:58", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3746"], "description": "**CentOS Errata and Security Advisory** CESA-2006:0615-01\n\n\nGnuPG is a utility for encrypting data and creating digital signatures.\r\n\r\nAn integer overflow flaw was found in GnuPG. An attacker could create a\r\ncarefully crafted message packet with a large length that could cause GnuPG\r\nto crash or possibly overwrite memory when opened. (CVE-2006-3746)\r\n\r\nAll users of GnuPG are advised to upgrade to these updated packages, which\r\ncontain a backported patch to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-August/025130.html\n\n**Affected packages:**\ngnupg\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 4, "modified": "2006-08-03T03:42:42", "published": "2006-08-03T03:42:42", "href": "http://lists.centos.org/pipermail/centos-announce/2006-August/025130.html", "id": "CESA-2006:0615-01", "title": "gnupg security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-20T18:24:53", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3746"], "description": "**CentOS Errata and Security Advisory** CESA-2006:0615\n\n\nGnuPG is a utility for encrypting data and creating digital signatures.\r\n\r\nAn integer overflow flaw was found in GnuPG. An attacker could create a\r\ncarefully crafted message packet with a large length that could cause GnuPG\r\nto crash or possibly overwrite memory when opened. (CVE-2006-3746)\r\n\r\nAll users of GnuPG are advised to upgrade to these updated packages, which\r\ncontain a backported patch to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-August/025144.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-August/025146.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-August/025147.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-August/025149.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-August/025152.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-August/025156.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-August/025157.html\n\n**Affected packages:**\ngnupg\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0615.html", "edition": 4, "modified": "2006-08-05T15:30:46", "published": "2006-08-04T19:41:44", "href": "http://lists.centos.org/pipermail/centos-announce/2006-August/025144.html", "id": "CESA-2006:0615", "title": "gnupg security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "exploitdb": [{"lastseen": "2016-02-03T07:45:26", "description": "GnuPG 1.4/1.9 Parse_Comment Remote Buffer Overflow Vulnerability. CVE-2006-3746 . Dos exploit for linux platform", "published": "2006-07-22T00:00:00", "type": "exploitdb", "title": "GnuPG 1.4/1.9 Parse_Comment Remote Buffer Overflow Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-3746"], "modified": "2006-07-22T00:00:00", "id": "EDB-ID:28257", "href": "https://www.exploit-db.com/exploits/28257/", "sourceData": "source: http://www.securityfocus.com/bid/19110/info\r\n\r\nGnuPG is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.\r\n\r\nThis issue may allow remote attackers to execute arbitrary machine code in the context of the affected application, but this has not been confirmed.\r\n\r\nGnuPG version 1.4.4 is vulnerable to this issue; previous versions may also be affected.\r\n\r\nperl -e 'print \"\\xfd\\xff\\xff\\xff\\xff\\xfe\"'| /var/gnupg/bin/gpg --no-armor", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/28257/"}], "debian": [{"lastseen": "2020-11-11T13:21:44", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3746"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1140-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nAugust 3rd, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : gnupg\nVulnerability : integer overflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2006-3746\nBugTraq ID : 19110\nDebian Bug : 381204\n\nEvgeny Legerov discovered that overly large comments can crash gnupg,\nthe GNU privacy guard - a free PGP replacement.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 1.4.1-1.sarge5.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.4.5-1.\n\nWe recommend that you upgrade your gnupg package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given at the end of this advisory:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5.dsc\n Size/MD5 checksum: 680 3ca752cd4daad97be9a5c39c8946529f\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5.diff.gz\n Size/MD5 checksum: 20602 60b0f10cc733d5db834cc938ea64c9c6\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1.orig.tar.gz\n Size/MD5 checksum: 4059170 1cc77c6943baaa711222e954bbd785e5\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_alpha.deb\n Size/MD5 checksum: 2155966 7247aeac9ee92201dd653d72250b6635\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_amd64.deb\n Size/MD5 checksum: 1963522 090bc4edbbcff55a42e0f0e150bebe1c\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_arm.deb\n Size/MD5 checksum: 1899504 3d5a8c67821576dcb96db83439689693\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_i386.deb\n Size/MD5 checksum: 1908672 27f9a0178ae75e60f4190f7cc1b648b2\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_ia64.deb\n Size/MD5 checksum: 2325364 7cb958f11cf26f2606a8630b0837302b\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_hppa.deb\n Size/MD5 checksum: 2004276 0a18314991ba8b9df2197dc59fa9fc9b\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_m68k.deb\n Size/MD5 checksum: 1811104 3d34a165f7e7b9b7f7762ea3f098436a\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_mips.deb\n Size/MD5 checksum: 2000886 fd5a35eea245eed1d8e867c2dab420fe\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_mipsel.deb\n Size/MD5 checksum: 2007526 a7d376140cc177b7365b8931e443b511\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_powerpc.deb\n Size/MD5 checksum: 1957954 405cd2998ce0d4e4867a2b781d023db5\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_s390.deb\n Size/MD5 checksum: 1967138 4e863993101250029ce2f276a83c964b\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_sparc.deb\n Size/MD5 checksum: 1897516 bce716a627c062c3ca034d8d49c24b58\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 3, "modified": "2006-08-03T00:00:00", "published": "2006-08-03T00:00:00", "id": "DEBIAN:DSA-1140-1:CEB67", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00229.html", "title": "[SECURITY] [DSA 1140-1] New GnuPG packages fix denial of service", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-11T13:19:53", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3746"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1141-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nAugust 4th, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : gnupg2\nVulnerability : integer overflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2006-3746\nBugTraq ID : 19110\nDebian Bug : 381204\n\nEvgeny Legerov discovered that overly large comments can crash gnupg,\nthe GNU privacy guard - a free PGP replacement, which is also present\nin the development branch.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 1.9.15-6sarge2.\n\nFor the unstable distribution (sid) this problem will be fixed soon.\n\nWe recommend that you upgrade your gnupg2 package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given at the end of this advisory:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2.dsc\n Size/MD5 checksum: 854 2c392bb08b77bcb9995be4fbf2c58283\n http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2.diff.gz\n Size/MD5 checksum: 1860310 f465fe72762f514831d87583ca399bd5\n http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15.orig.tar.gz\n Size/MD5 checksum: 5454978 ee3885e2c74a9c1ae539d6f12091c30b\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_alpha.deb\n Size/MD5 checksum: 112370 a119a0b8c191e3689d42c9a213dd4f76\n http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_alpha.deb\n Size/MD5 checksum: 886302 4c5c70dd431e4ccc591a87d068ac9553\n http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_alpha.deb\n Size/MD5 checksum: 453490 eec6ae4af73ba7a7ccef13d4e36b003e\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_amd64.deb\n Size/MD5 checksum: 98516 fa8437eba6bda3ad2162d43a30195c8e\n http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_amd64.deb\n Size/MD5 checksum: 774640 30b1e6d048ba60c0e073c0c180bc686b\n http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_amd64.deb\n Size/MD5 checksum: 385744 72d4e6b41160959caec8301b23032897\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_arm.deb\n Size/MD5 checksum: 87376 ea0c54b9a3556192db52aa1178866d96\n http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_arm.deb\n Size/MD5 checksum: 712774 9b7ba34e952f1b860bafeaeba2178c82\n http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_arm.deb\n Size/MD5 checksum: 339734 78250a052bd3784f942045470fa118aa\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_i386.deb\n Size/MD5 checksum: 90114 918515e91219ed74277a53abdfafe943\n http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_i386.deb\n Size/MD5 checksum: 731710 253c2259991935b0318465e6b9eb8219\n http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_i386.deb\n Size/MD5 checksum: 351978 67b70918cb89760a02e53a5776ad39b6\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_ia64.deb\n Size/MD5 checksum: 130350 b00f67ed9488c494e38b2e4e29266174\n http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_ia64.deb\n Size/MD5 checksum: 1026420 5a988d46cbf0a5934cf348d731ca1a15\n http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_ia64.deb\n Size/MD5 checksum: 539966 515877cf2dd350361ff10a0c58ea11a9\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_hppa.deb\n Size/MD5 checksum: 100620 f5f9366786672079f327f365385425f4\n http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_hppa.deb\n Size/MD5 checksum: 794818 dcbed566a023e7e67e00898c07af70af\n http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_hppa.deb\n Size/MD5 checksum: 394016 71252acf652b07008f09442d0231df51\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_m68k.deb\n Size/MD5 checksum: 82194 50c0f479584c5e461c3f19fa0f2b15cb\n http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_m68k.deb\n Size/MD5 checksum: 669558 8ef059958304096b34a6afc28dc90211\n http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_m68k.deb\n Size/MD5 checksum: 312018 6a268cb889f3d63100eab8556e747126\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_mips.deb\n Size/MD5 checksum: 100550 e8d48a649076e96490fbc5312840d4a7\n http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_mips.deb\n Size/MD5 checksum: 788684 7bce8a4ac745fb31edbd36ac30952e14\n http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_mips.deb\n Size/MD5 checksum: 395128 b146bb25bd370d3b291bb09ea030f777\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_mipsel.deb\n Size/MD5 checksum: 101030 fb640cb9e3e11c780689e73c6e3a634b\n http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_mipsel.deb\n Size/MD5 checksum: 790182 a787aa68ea3e88ea41772e75627e15c1\n http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_mipsel.deb\n Size/MD5 checksum: 396312 821572bca6b813b65e72017f38c0a367\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_powerpc.deb\n Size/MD5 checksum: 95628 cf88406807fc6743022e9c3da4d29bad\n http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_powerpc.deb\n Size/MD5 checksum: 769376 4311b23a564c3964a9a96cb13923a5be\n http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_powerpc.deb\n Size/MD5 checksum: 377396 9918891d1cd6d307cd0b1772b3c698da\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_s390.deb\n Size/MD5 checksum: 98758 c728d9ae54f35867e0739b316f09f301\n http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_s390.deb\n Size/MD5 checksum: 766466 3b996b477a5c82a7b4b828daa931cb3e\n http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_s390.deb\n Size/MD5 checksum: 384794 e6a36afdcc54605336195929ac7fd715\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_sparc.deb\n Size/MD5 checksum: 89600 18af0a390ff51141947be8186a7579b1\n http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_sparc.deb\n Size/MD5 checksum: 721000 e8133a5b950115c89e0d702161c76ec9\n http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_sparc.deb\n Size/MD5 checksum: 345248 2b2d8a191d7832d570fb0ea8bb4a4eb1\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 3, "modified": "2006-08-03T00:00:00", "published": "2006-08-03T00:00:00", "id": "DEBIAN:DSA-1141-1:3E264", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00230.html", "title": "[SECURITY] [DSA 1141-1] New GnuPG2 packages fix denial of service", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:44", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3746"], "description": " [1.2.6-6]\n - backport fixes for two more malloc overflows from 1.4.5rc1 (#200502) ", "edition": 4, "modified": "2006-12-07T00:00:00", "published": "2006-12-07T00:00:00", "id": "ELSA-2006-0615", "href": "http://linux.oracle.com/errata/ELSA-2006-0615.html", "title": "Moderate gnupg security update ", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:49", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3746"], "description": "GnuPG is a utility for encrypting data and creating digital signatures.\r\n\r\nAn integer overflow flaw was found in GnuPG. An attacker could create a\r\ncarefully crafted message packet with a large length that could cause GnuPG\r\nto crash or possibly overwrite memory when opened. (CVE-2006-3746)\r\n\r\nAll users of GnuPG are advised to upgrade to these updated packages, which\r\ncontain a backported patch to correct this issue.", "modified": "2019-03-22T23:43:13", "published": "2006-08-02T04:00:00", "id": "RHSA-2006:0615", "href": "https://access.redhat.com/errata/RHSA-2006:0615", "type": "redhat", "title": "(RHSA-2006:0615) gnupg security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-01T06:45:12", "description": "Evgeny Legerov discovered that gnupg did not sufficiently check the\nvalidity of the comment and a control field. Specially crafted GPG\ndata could cause a buffer overflow. This could be exploited to execute\narbitrary code with the user's privileges if an attacker can trick an\nuser into processing a malicious encrypted/signed document with gnupg.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2007-11-10T00:00:00", "title": "Ubuntu 5.04 / 5.10 / 6.06 LTS : gnupg vulnerability (USN-332-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3746"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:5.04", "p-cpe:/a:canonical:ubuntu_linux:gnupg", "cpe:/o:canonical:ubuntu_linux:5.10", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-332-1.NASL", "href": "https://www.tenable.com/plugins/nessus/27911", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-332-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27911);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/08/02 13:33:01\");\n\n script_cve_id(\"CVE-2006-3746\");\n script_bugtraq_id(19110);\n script_xref(name:\"USN\", value:\"332-1\");\n\n script_name(english:\"Ubuntu 5.04 / 5.10 / 6.06 LTS : gnupg vulnerability (USN-332-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Evgeny Legerov discovered that gnupg did not sufficiently check the\nvalidity of the comment and a control field. Specially crafted GPG\ndata could cause a buffer overflow. This could be exploited to execute\narbitrary code with the user's privileges if an attacker can trick an\nuser into processing a malicious encrypted/signed document with gnupg.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/332-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gnupg package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gnupg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(5\\.04|5\\.10|6\\.06)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 5.04 / 5.10 / 6.06\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"5.04\", pkgname:\"gnupg\", pkgver:\"1.2.5-3ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"gnupg\", pkgver:\"1.4.1-1ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"gnupg\", pkgver:\"1.4.2.2-1ubuntu2.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnupg\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-06T09:25:01", "description": "Updated GnuPG packages that fix a security issue is now available.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nGnuPG is a utility for encrypting data and creating digital\nsignatures.\n\nAn integer overflow flaw was found in GnuPG. An attacker could create\na carefully crafted message packet with a large length that could\ncause GnuPG to crash or possibly overwrite memory when opened.\n(CVE-2006-3746)\n\nAll users of GnuPG are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.", "edition": 26, "published": "2006-08-07T00:00:00", "title": "CentOS 3 / 4 : gnupg (CESA-2006:0615)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3746"], "modified": "2006-08-07T00:00:00", "cpe": ["cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:gnupg", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2006-0615.NASL", "href": "https://www.tenable.com/plugins/nessus/22164", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0615 and \n# CentOS Errata and Security Advisory 2006:0615 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22164);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-3746\");\n script_bugtraq_id(19110);\n script_xref(name:\"RHSA\", value:\"2006:0615\");\n\n script_name(english:\"CentOS 3 / 4 : gnupg (CESA-2006:0615)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated GnuPG packages that fix a security issue is now available.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nGnuPG is a utility for encrypting data and creating digital\nsignatures.\n\nAn integer overflow flaw was found in GnuPG. An attacker could create\na carefully crafted message packet with a large length that could\ncause GnuPG to crash or possibly overwrite memory when opened.\n(CVE-2006-3746)\n\nAll users of GnuPG are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-August/013106.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?708ae3a7\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-August/013109.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a2f82541\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-August/013118.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?86e4ef50\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-August/013119.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c4654973\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gnupg package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnupg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/07/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/08/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", cpu:\"ia64\", reference:\"gnupg-1.2.1-17\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", reference:\"gnupg-1.2.6-6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnupg\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-06T09:44:40", "description": "Evgeny Legerov discovered that overly large comments can crash gnupg,\nthe GNU privacy guard - a free PGP replacement, which is also present\nin the development branch.", "edition": 25, "published": "2006-10-14T00:00:00", "title": "Debian DSA-1141-1 : gnupg2 - integer overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3746"], "modified": "2006-10-14T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.1", "p-cpe:/a:debian:debian_linux:gnupg2"], "id": "DEBIAN_DSA-1141.NASL", "href": "https://www.tenable.com/plugins/nessus/22683", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1141. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22683);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-3746\");\n script_bugtraq_id(19110);\n script_xref(name:\"DSA\", value:\"1141\");\n\n script_name(english:\"Debian DSA-1141-1 : gnupg2 - integer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Evgeny Legerov discovered that overly large comments can crash gnupg,\nthe GNU privacy guard - a free PGP replacement, which is also present\nin the development branch.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=381204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1141\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the gnupg2 package.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 1.9.15-6sarge2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gnupg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"gnupg-agent\", reference:\"1.9.15-6sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"gnupg2\", reference:\"1.9.15-6sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"gpgsm\", reference:\"1.9.15-6sarge2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T11:51:35", "description": "An integer overflow vulnerability was discovered in gnupg where an\nattacker could create a carefully-crafted message packet with a large\nlength that could cause gnupg to crash or possibly overwrite memory\nwhen opened.\n\nUpdated packages have been patched to correct this issue.", "edition": 24, "published": "2006-12-16T00:00:00", "title": "Mandrake Linux Security Advisory : gnupg (MDKSA-2006:141)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3746"], "modified": "2006-12-16T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:gnupg2", "p-cpe:/a:mandriva:linux:gnupg", "cpe:/o:mandriva:linux:2006"], "id": "MANDRAKE_MDKSA-2006-141.NASL", "href": "https://www.tenable.com/plugins/nessus/23890", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2006:141. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23890);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-3746\");\n script_bugtraq_id(19110);\n script_xref(name:\"MDKSA\", value:\"2006:141\");\n\n script_name(english:\"Mandrake Linux Security Advisory : gnupg (MDKSA-2006:141)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An integer overflow vulnerability was discovered in gnupg where an\nattacker could create a carefully-crafted message packet with a large\nlength that could cause gnupg to crash or possibly overwrite memory\nwhen opened.\n\nUpdated packages have been patched to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnupg and / or gnupg2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnupg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnupg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/12/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2006.0\", reference:\"gnupg-1.4.2.2-0.3.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"gnupg2-1.9.16-4.2.20060mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:52:07", "description": "The remote host is affected by the vulnerability described in GLSA-200608-08\n(GnuPG: Integer overflow vulnerability)\n\n Evgeny Legerov discovered a vulnerability in GnuPG that when certain\n packets are handled an integer overflow may occur.\n \nImpact :\n\n By sending a specially crafted email to a user running an affected\n version of GnuPG, a remote attacker could possibly execute arbitrary\n code with the permissions of the user running GnuPG.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2006-08-07T00:00:00", "title": "GLSA-200608-08 : GnuPG: Integer overflow vulnerability", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3746"], "modified": "2006-08-07T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:gnupg"], "id": "GENTOO_GLSA-200608-08.NASL", "href": "https://www.tenable.com/plugins/nessus/22166", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200608-08.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22166);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-3746\");\n script_bugtraq_id(19110);\n script_xref(name:\"GLSA\", value:\"200608-08\");\n\n script_name(english:\"GLSA-200608-08 : GnuPG: Integer overflow vulnerability\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200608-08\n(GnuPG: Integer overflow vulnerability)\n\n Evgeny Legerov discovered a vulnerability in GnuPG that when certain\n packets are handled an integer overflow may occur.\n \nImpact :\n\n By sending a specially crafted email to a user running an affected\n version of GnuPG, a remote attacker could possibly execute arbitrary\n code with the permissions of the user running GnuPG.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200608-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All GnuPG users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '=app-crypt/gnupg-1.4*'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gnupg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/08/07\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-crypt/gnupg\", unaffected:make_list(\"ge 1.4.5\"), vulnerable:make_list(\"lt 1.4.5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GnuPG\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:44:17", "description": "This update of gpg2 fixes an segmentation fault when using\nthe--no-armor option. This failure leads to a denial-of-service attack\nand may be used execute arbitrary code. (CVE-2006-3746)", "edition": 24, "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : gpg2 (gpg2-1956)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3746"], "modified": "2007-10-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:gpg2", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_GPG2-1956.NASL", "href": "https://www.tenable.com/plugins/nessus/27250", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gpg2-1956.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27250);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-3746\");\n\n script_name(english:\"openSUSE 10 Security Update : gpg2 (gpg2-1956)\");\n script_summary(english:\"Check for the gpg2-1956 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of gpg2 fixes an segmentation fault when using\nthe--no-armor option. This failure leads to a denial-of-service attack\nand may be used execute arbitrary code. (CVE-2006-3746)\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gpg2 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gpg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"gpg2-1.9.18-17.8\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gpg2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:44:16", "description": "This update of gpg fixes an segmentation fault when using\nthe--no-armor option. This failure leads to a denial-of-service attack\nand may be used execute arbitrary code. (CVE-2006-3746)", "edition": 24, "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : gpg (gpg-1955)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3746"], "modified": "2007-10-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:gpg", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_GPG-1955.NASL", "href": "https://www.tenable.com/plugins/nessus/27245", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gpg-1955.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27245);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-3746\");\n\n script_name(english:\"openSUSE 10 Security Update : gpg (gpg-1955)\");\n script_summary(english:\"Check for the gpg-1955 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of gpg fixes an segmentation fault when using\nthe--no-armor option. This failure leads to a denial-of-service attack\nand may be used execute arbitrary code. (CVE-2006-3746)\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gpg package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gpg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"gpg-1.4.2-23.7\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gpg\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T12:43:50", "description": "From Red Hat Security Advisory 2006:0615 :\n\nUpdated GnuPG packages that fix a security issue is now available.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nGnuPG is a utility for encrypting data and creating digital\nsignatures.\n\nAn integer overflow flaw was found in GnuPG. An attacker could create\na carefully crafted message packet with a large length that could\ncause GnuPG to crash or possibly overwrite memory when opened.\n(CVE-2006-3746)\n\nAll users of GnuPG are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.", "edition": 24, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : gnupg (ELSA-2006-0615)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3746"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:gnupg", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2006-0615.NASL", "href": "https://www.tenable.com/plugins/nessus/67400", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2006:0615 and \n# Oracle Linux Security Advisory ELSA-2006-0615 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67400);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-3746\");\n script_bugtraq_id(19110);\n script_xref(name:\"RHSA\", value:\"2006:0615\");\n\n script_name(english:\"Oracle Linux 4 : gnupg (ELSA-2006-0615)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2006:0615 :\n\nUpdated GnuPG packages that fix a security issue is now available.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nGnuPG is a utility for encrypting data and creating digital\nsignatures.\n\nAn integer overflow flaw was found in GnuPG. An attacker could create\na carefully crafted message packet with a large length that could\ncause GnuPG to crash or possibly overwrite memory when opened.\n(CVE-2006-3746)\n\nAll users of GnuPG are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2006-December/000029.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gnupg package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnupg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/07/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"gnupg-1.2.6-6\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"gnupg-1.2.6-6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnupg\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:44:16", "description": "This update of gpg fixes an segmentation fault when using\nthe--no-armor option. This failure leads to a denial-of-service attack\nand may be used execute arbitrary code. (CVE-2006-3746)", "edition": 23, "published": "2007-12-13T00:00:00", "title": "SuSE 10 Security Update : gpg (ZYPP Patch Number 1959)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3746"], "modified": "2007-12-13T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_GPG-1959.NASL", "href": "https://www.tenable.com/plugins/nessus/29448", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29448);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-3746\");\n\n script_name(english:\"SuSE 10 Security Update : gpg (ZYPP Patch Number 1959)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of gpg fixes an segmentation fault when using\nthe--no-armor option. This failure leads to a denial-of-service attack\nand may be used execute arbitrary code. (CVE-2006-3746)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-3746.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 1959.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:0, reference:\"gpg-1.4.2-23.7\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"gpg-1.4.2-23.7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T13:05:40", "description": "Updated GnuPG packages that fix a security issue is now available.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nGnuPG is a utility for encrypting data and creating digital\nsignatures.\n\nAn integer overflow flaw was found in GnuPG. An attacker could create\na carefully crafted message packet with a large length that could\ncause GnuPG to crash or possibly overwrite memory when opened.\n(CVE-2006-3746)\n\nAll users of GnuPG are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.", "edition": 27, "published": "2006-08-04T00:00:00", "title": "RHEL 2.1 / 3 / 4 : gnupg (RHSA-2006:0615)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3746"], "modified": "2006-08-04T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:gnupg"], "id": "REDHAT-RHSA-2006-0615.NASL", "href": "https://www.tenable.com/plugins/nessus/22151", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0615. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22151);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-3746\");\n script_bugtraq_id(19110);\n script_xref(name:\"RHSA\", value:\"2006:0615\");\n\n script_name(english:\"RHEL 2.1 / 3 / 4 : gnupg (RHSA-2006:0615)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated GnuPG packages that fix a security issue is now available.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nGnuPG is a utility for encrypting data and creating digital\nsignatures.\n\nAn integer overflow flaw was found in GnuPG. An attacker could create\na carefully crafted message packet with a large length that could\ncause GnuPG to crash or possibly overwrite memory when opened.\n(CVE-2006-3746)\n\nAll users of GnuPG are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-3746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2006:0615\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gnupg package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnupg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/07/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/08/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(2\\.1|3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2006:0615\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"gnupg-1.0.7-18\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"gnupg-1.2.1-17\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"gnupg-1.2.6-6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnupg\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3082", "CVE-2006-3746", "CVE-2006-6169", "CVE-2006-6235"], "description": "GnuPG (GNU Privacy Guard) is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with any version of PGP2 (PGP2.x uses only IDEA for symmetric-key encryption, which is patented worldwide). ", "modified": "2007-03-12T19:15:32", "published": "2007-03-12T19:15:32", "id": "FEDORA:L2CJFWF6006929", "href": "", "type": "fedora", "title": "[SECURITY] Fedora Core 5 Update: gnupg-1.4.7-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}