ID UBUNTU_USN-393-2.NASL Type nessus Reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2007-11-10T00:00:00
Description
USN-389-1 and USN-393-1 fixed vulnerabilities in gnupg. This update
provides the corresponding updates for gnupg2.
A buffer overflow was discovered in GnuPG. By tricking a user into
running gpg interactively on a specially crafted message, an attacker
could execute arbitrary code with the user's privileges. This
vulnerability is not exposed when running gpg in batch mode.
(CVE-2006-6169)
Tavis Ormandy discovered that gnupg was incorrectly using
the stack. If a user were tricked into processing a
specially crafted message, an attacker could execute
arbitrary code with the user's privileges. (CVE-2006-6235).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-393-2. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Plugin registration branch: when `description` is set, the script only
# declares its metadata (IDs, references, scoring, required KB keys) and
# leaves through exit(0) at the end of this block without evaluating the host.
if (description)
{
script_id(27979);
script_version("1.14");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
# Both CVEs named in the advisory text are attached to this single plugin,
# so one finding can stand for either or both issues.
script_cve_id("CVE-2006-6169", "CVE-2006-6235");
script_bugtraq_id(21306, 21462);
script_xref(name:"USN", value:"393-2");
script_name(english:"Ubuntu 6.10 : gnupg2 vulnerabilities (USN-393-2)");
script_summary(english:"Checks dpkg output for updated packages.");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Ubuntu host is missing one or more security-related
patches."
);
# The description below is the advisory text as extracted by the plugin
# author; it is reported verbatim and is not used by the check logic.
script_set_attribute(
attribute:"description",
value:
"USN-389-1 and USN-393-1 fixed vulnerabilities in gnupg. This update
provides the corresponding updates for gnupg2.
A buffer overflow was discovered in GnuPG. By tricking a user into
running gpg interactively on a specially crafted message, an attacker
could execute arbitrary code with the user's privileges. This
vulnerability is not exposed when running gpg in batch mode.
(CVE-2006-6169)
Tavis Ormandy discovered that gnupg was incorrectly using
the stack. If a user were tricked into processing a
specially crafted message, an attacker could execute
arbitrary code with the user's privileges. (CVE-2006-6235).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://usn.ubuntu.com/393-2/"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected gnupg-agent, gnupg2 and / or gpgsm packages."
);
# A single CVSS2 base vector is declared for the whole plugin although it
# covers two CVEs.
# NOTE(review): this looks like the worst-case vector of the two issues; a
# host exposed only to the interactive-mode overflow (CVE-2006-6169) would be
# reported at the same severity - confirm against the per-CVE scores when
# triaging.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
# These two attributes record that no exploit was known to the plugin author;
# they say nothing about whether the flaws are exploitable in principle.
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
# "local": the result is derived from data collected on the host itself (see
# the KB keys required below), not from probing a network service.
script_set_attribute(attribute:"plugin_type", value:"local");
# One CPE per binary package that the check section looks at, plus the OS release.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gnupg-agent");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gnupg2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gpgsm");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10");
script_set_attribute(attribute:"patch_publication_date", value:"2006/12/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Ubuntu Local Security Checks");
# The check depends on ssh_get_info.nasl and on these KB entries; presumably
# that dependency is what populates them - without a successful credentialed
# collection the plugin cannot produce a finding, which is not the same as
# the host being patched.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
# Registration ends here; nothing below runs in description mode.
exit(0);
}
include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");
# Host evaluation for USN-393-2. Every precondition that fails leaves through
# audit(), so "no finding" from this plugin can mean "not evaluated" as well
# as "not affected" - the audit message tells the two apart.

# Local (credentialed) checks must have been enabled by an earlier plugin.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# Only Ubuntu 6.10 is in scope; any other release is audited out.
release = get_kb_item("Host/Ubuntu/release");
if (isnull(release))
{
  audit(AUDIT_OS_NOT, "Ubuntu");
}
release = chomp(release);
if (!ereg(pattern:"^(6\.10)$", string:release))
{
  audit(AUDIT_OS_NOT, "Ubuntu 6.10", "Ubuntu " + release);
}

# The comparison needs the package list stored in the KB.
if (!get_kb_item("Host/Debian/dpkg-l"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Architecture gate: only x86_64 and i386..i686 are evaluated. Hosts on any
# other CPU exit here without a package comparison.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
}

# Version check for each binary package the advisory tells users to update.
# ubuntu_check() comes from ubuntu.inc; presumably it compares the installed
# version against pkgver - this is a package-version test and does not
# exercise the vulnerable code paths.
# NOTE(review): the upstream GnuPG advisory for CVE-2006-6235 names gpg, gpgv,
# gpg2 and gpgv2 as the affected tools and says gpg-agent and gpgsm are not
# affected. A hit on gnupg-agent or gpgsm alone therefore indicates a missing
# update rather than an exposed vulnerable tool - confirm before prioritising.
flag = 0;
usn_fixed_ver = "1.9.21-0ubuntu5.2";
foreach usn_pkg (make_list("gnupg-agent", "gnupg2", "gpgsm"))
{
  if (ubuntu_check(osver:"6.10", pkgname:usn_pkg, pkgver:usn_fixed_ver))
  {
    flag++;
  }
}

# At least one package is below the fixed version: report and stop.
if (flag)
{
  security_report_v4(port:0, severity:SECURITY_HOLE, extra:ubuntu_report_get());
  exit(0);
}

# Nothing flagged: distinguish "installed and up to date" from "not installed".
tested = ubuntu_pkg_tests_get();
if (tested)
{
  audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
}
else
{
  audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnupg-agent / gnupg2 / gpgsm");
}
{"id": "UBUNTU_USN-393-2.NASL", "bulletinFamily": "scanner", "title": "Ubuntu 6.10 : gnupg2 vulnerabilities (USN-393-2)", "description": "USN-389-1 and USN-393-1 fixed vulnerabilities in gnupg. This update\nprovides the corresponding updates for gnupg2.\n\nA buffer overflow was discovered in GnuPG. By tricking a user into\nrunning gpg interactively on a specially crafted message, an attacker\ncould execute arbitrary code with the user's privileges. This\nvulnerability is not exposed when running gpg in batch mode.\n(CVE-2006-6169)\n\nTavis Ormandy discovered that gnupg was incorrectly using\nthe stack. If a user were tricked into processing a\nspecially crafted message, an attacker could execute\narbitrary code with the user's privileges. (CVE-2006-6235).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2007-11-10T00:00:00", "modified": "2007-11-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/27979", "reporter": "Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["https://usn.ubuntu.com/393-2/"], "cvelist": ["CVE-2006-6169", "CVE-2006-6235"], "type": "nessus", "lastseen": "2021-01-20T15:37:46", "edition": 25, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-6169", "CVE-2006-6235"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:15322"]}, {"type": "oraclelinux", "idList": ["ELSA-2006-0754"]}, {"type": "ubuntu", "idList": ["USN-389-1", "USN-393-2", "USN-393-1"]}, {"type": "slackware", "idList": ["SSA-2006-340-01", "SSA-2006-340-01B"]}, {"type": "openvas", "idList": ["OPENVAS:57701", "OPENVAS:57942", "OPENVAS:861323", "OPENVAS:57709", "OPENVAS:65204", "OPENVAS:136141256231057712", "OPENVAS:136141256231057701", "OPENVAS:57712", "OPENVAS:57673", "OPENVAS:136141256231065204"]}, {"type": "centos", "idList": ["CESA-2006:0754", "CESA-2006:0754-01"]}, {"type": "suse", "idList": ["SUSE-SA:2006:075"]}, {"type": "gentoo", "idList": ["GLSA-200612-03"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1231-1:2437D"]}, {"type": "redhat", "idList": ["RHSA-2006:0754"]}, {"type": "nessus", "idList": ["SUSE_GPG2-2354.NASL", "ORACLELINUX_ELSA-2006-0754.NASL", "FEDORA_2006-1406.NASL", "SUSE_GPG2-2352.NASL", "SUSE_GPG-2353.NASL", "CENTOS_RHSA-2006-0754.NASL", "DEBIAN_DSA-1231.NASL", "SLACKWARE_SSA_2006-340-01.NASL", "REDHAT-RHSA-2006-0754.NASL", "SUSE_GPG-2388.NASL"]}, {"type": "fedora", "idList": ["FEDORA:L2CJFWF6006929"]}, {"type": "freebsd", "idList": ["4DB1669C-8589-11DB-AC4F-02E081235DAB"]}, {"type": "osvdb", "idList": ["OSVDB:30720", "OSVDB:31832"]}, {"type": "cert", "idList": ["VU:427009"]}], "modified": "2021-01-20T15:37:46", "rev": 2}, "score": {"value": 8.3, "vector": "NONE", "modified": "2021-01-20T15:37:46", "rev": 2}, "vulnersScore": 8.3}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-393-2. 
The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27979);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2006-6169\", \"CVE-2006-6235\");\n script_bugtraq_id(21306, 21462);\n script_xref(name:\"USN\", value:\"393-2\");\n\n script_name(english:\"Ubuntu 6.10 : gnupg2 vulnerabilities (USN-393-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-389-1 and USN-393-1 fixed vulnerabilities in gnupg. This update\nprovides the corresponding updates for gnupg2.\n\nA buffer overflow was discovered in GnuPG. By tricking a user into\nrunning gpg interactively on a specially crafted message, an attacker\ncould execute arbitrary code with the user's privileges. This\nvulnerability is not exposed when running gpg in batch mode.\n(CVE-2006-6169)\n\nTavis Ormandy discovered that gnupg was incorrectly using\nthe stack. If a user were tricked into processing a\nspecially crafted message, an attacker could execute\narbitrary code with the user's privileges. (CVE-2006-6235).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/393-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnupg-agent, gnupg2 and / or gpgsm packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gnupg-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gnupg2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gpgsm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.10\", pkgname:\"gnupg-agent\", pkgver:\"1.9.21-0ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"gnupg2\", pkgver:\"1.9.21-0ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"gpgsm\", pkgver:\"1.9.21-0ubuntu5.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnupg-agent / gnupg2 / gpgsm\");\n}\n", "naslFamily": "Ubuntu Local Security Checks", "pluginID": "27979", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:gnupg-agent", "p-cpe:/a:canonical:ubuntu_linux:gpgsm", "cpe:/o:canonical:ubuntu_linux:6.10", "p-cpe:/a:canonical:ubuntu_linux:gnupg2"], "scheme": null}
{"cve": [{"lastseen": "2020-10-03T11:48:19", "description": "A \"stack overwrite\" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.", "edition": 3, "cvss3": {}, "published": "2006-12-07T11:28:00", "title": "CVE-2006-6235", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-6235"], "modified": "2018-10-17T21:47:00", "cpe": ["cpe:/a:gnu:privacy_guard:1.4.2.1", "cpe:/a:gnu:privacy_guard:1.4.2", "cpe:/a:gnu:privacy_guard:1.9.10", "cpe:/a:gnu:privacy_guard:1.2.6", "cpe:/a:gnu:privacy_guard:1.9.15", "cpe:/a:gnu:privacy_guard:1.4.2.2", "cpe:/o:redhat:fedora_core:core6", "cpe:/a:gnu:privacy_guard:2.0.1", "cpe:/a:gnu:privacy_guard:1.4.5", "cpe:/o:ubuntu:ubuntu_linux:6.06", "cpe:/a:gnu:privacy_guard:1.9.20", "cpe:/a:gnu:privacy_guard:1.3.4", "cpe:/o:slackware:slackware_linux:11.0", "cpe:/a:gnu:privacy_guard:1.4.4", "cpe:/o:redhat:enterprise_linux_desktop:3.0", "cpe:/a:gnu:privacy_guard:1.3.3", "cpe:/a:gnu:privacy_guard:1.2.4", "cpe:/o:redhat:enterprise_linux_desktop:4.0", "cpe:/a:gnu:privacy_guard:1.4.1", "cpe:/o:ubuntu:ubuntu_linux:5.10", "cpe:/a:gpg4win:gpg4win:1.0.7", "cpe:/a:gnu:privacy_guard:1.4.3", "cpe:/o:rpath:linux:1", "cpe:/a:gnu:privacy_guard:1.2.7", "cpe:/a:gnu:privacy_guard:1.4", "cpe:/a:gnu:privacy_guard:1.2.5", "cpe:/o:redhat:linux_advanced_workstation:2.1", 
"cpe:/o:redhat:fedora_core:core_5.0", "cpe:/a:gnu:privacy_guard:2.0", "cpe:/o:redhat:enterprise_linux:4.0"], "id": "CVE-2006-6235", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6235", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:redhat:fedora_core:core_5.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:privacy_guard:1.4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:privacy_guard:1.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:privacy_guard:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:privacy_guard:1.4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:privacy_guard:1.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:privacy_guard:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*", "cpe:2.3:a:gnu:privacy_guard:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:slackware:slackware_linux:11.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:privacy_guard:1.9.20:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:privacy_guard:1.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:privacy_guard:1.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:privacy_guard:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:rpath:linux:1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*", "cpe:2.3:a:gnu:privacy_guard:1.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:privacy_guard:1.9.10:*:*:*:*:*:*:*", "cpe:2.3:a:gpg4win:gpg4win:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*", "cpe:2.3:a:gnu:privacy_guard:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*", "cpe:2.3:a:gnu:privacy_guard:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:ubuntu:ubuntu_linux:6.06:*:*:*:*:*:*:*", "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:privacy_guard:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:privacy_guard:1.9.15:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:privacy_guard:1.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:fedora_core:core6:*:*:*:*:*:*:*", 
"cpe:2.3:a:gnu:privacy_guard:1.4.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:48:19", "description": "Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with \"C-escape\" expansions, which cause the make_printable_string function to return a longer string than expected while constructing a prompt.", "edition": 3, "cvss3": {}, "published": "2006-11-29T18:28:00", "title": "CVE-2006-6169", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2006-6169"], "modified": "2018-10-17T21:47:00", "cpe": ["cpe:/a:gnupg:gnupg:1.4", "cpe:/a:gnupg:gnupg:2.0"], "id": "CVE-2006-6169", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6169", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:gnupg:gnupg:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnupg:gnupg:1.4:*:*:*:*:*:*:*"]}], "securityvulns": [{"lastseen": "2018-08-31T11:10:20", "bulletinFamily": "software", "cvelist": ["CVE-2006-6235"], "description": " GnuPG: remotely controllable function pointer [CVE-2006-6235]\r\n ===============================================================\r\n 2006-12-04\r\n\r\nSummary\r\n=======\r\n\r\nTavis Ormandy of the Gentoo security team identified a severe and\r\nexploitable bug in the processing of encrypted packets in GnuPG.\r\n\r\n[ Please do not send private mail in response to this message. 
The\r\n mailing list gnupg-devel is the best place to discuss this problem\r\n (please subscribe first so you don't need moderator approval [1]). ]\r\n\r\n\r\nImpact\r\n======\r\n\r\nUsing malformed OpenPGP packets an attacker is able to modify and\r\ndereference a function pointer in GnuPG. This is a remotely\r\nexploitable bug and affects any use of GnuPG where an attacker can\r\ncontrol the data processed by GnuPG. It is not necessary limited to\r\nencrypted data, also signed data may be affected.\r\n\r\nAffected versions: All versions of GnuPG < 1.4.6 \r\n All versions of GnuPG-2 < 2.0.2\r\n All beta versions of GnuPG-2 (1.9.0 .. 1.9.95)\r\nAffected tools: gpg, gpgv, gpg2 and gpgv2.\r\nAffected platforms: All.\r\n\r\ngpg-agent, gpgsm as well as other tools are not affected.\r\n\r\nA workaround is not known. \r\n\r\n\r\nSolution\r\n========\r\n\r\nIf you are using a vendor supplied version of GnuPG:\r\n\r\n * Wait for an update from your vendor. Vendors have been informed on\r\n Saturday December 2, less than a day after this bug has been reported.\r\n\r\nIf you are using GnuPG 1.4: \r\n\r\n * Update as soon as possible to GnuPG 1.4.6. It has been uploaded to\r\n the usual location: ftp://ftp.gnupg.org/gcrypt/gnupg/. This version\r\n was due to be released anyway this week. See\r\n http://www.gnupg.org/download/ for details.\r\n\r\n * Or: As another and less intrusive option, apply the attached patch\r\n to GnuPG 1.4.5. This is the smallest possible fix.\r\n\r\nIf you are using GnuPG 2.0:\r\n\r\n * Apply the attached patch against GnuPG 2.0.1.\r\n\r\n * Or: Stop using gpg2 and gpgv2, install GnuPG 1.4.6 and use gpg and gpgv\r\n instead.\r\n\r\nIf you are using a binary Windows version of GnuPG:\r\n\r\n * A binary version of GnuPG 1.4.6 for Windows is available as usual.\r\n\r\n * Gpg4win 1.0.8, including GnuPG 1.4.6, is available. 
Please go to\r\n http://www.gpg4win.org .\r\n\r\n\r\n\r\n\r\nBackground\r\n==========\r\n\r\nGnuPG uses data structures called filters to process OpenPGP messages.\r\nThese filters ware used in a similar way as a pipelines in the shell.\r\nFor communication between these filters context structures are used.\r\nThese are usually allocated on the stack and passed to the filter\r\nfunctions. At most places the OpenPGP data stream fed into these\r\nfilters is closed before the context structure gets deallocated.\r\nWhile decrypting encrypted packets, this may not happen in all cases\r\nand the filter may use a void contest structure filled with garbage.\r\nAn attacker may control this garbage. The filter context includes\r\nanother context used by the low-level decryption to access the\r\ndecryption algorithm. This is done using a function pointer. By\r\ncarefully crafting an OpenPGP message, an attacker may control this\r\nfunction pointer and call an arbitrary function of the process.\r\nObviously an exploit needs to prepared for a specific version,\r\ncompiler, libc, etc to be successful - but it is definitely doable.\r\n\r\nFixing this is obvious: We need to allocate the context on the heap\r\nand use a reference count to keep it valid as long as either the\r\ncontrolling code or the filter code needs it.\r\n\r\nWe have checked all other usages of such a stack based filter contexts\r\nbut fortunately found no other vulnerable places. This allows to\r\nrelease a relatively small patch. However, for reasons of code\r\ncleanness and easier audits we will soon start to change all these\r\nstack based filter contexts to heap based ones.\r\n\r\n\r\nSupport \r\n=======\r\n\r\ng10 Code GmbH, a Duesseldorf based company owned and headed by GnuPG's\r\nprincipal author, is currently funding GnuPG development. As evident\r\nby the two vulnerabilities found within a week, a review of the entire\r\ncode base should be undertaken as soon as possible. 
As maintainers we\r\ntry to do our best and are working slowly through the code. The long\r\nstanding plan is to scrutinize the 2.0 code base, write more test\r\ncases and to backport new fixes and cleanups to 1.4. However, as a\r\nsmall company our resources are limited and we need to prioritize\r\nother projects which get us actual revenues. Support contracts or\r\nother financial backing would greatly help us to improve the quality\r\nof GnuPG.\r\n\r\n\r\nThanks\r\n======\r\n\r\nTavis Ormandy found this vulnerability.\r\n\r\n\r\n\r\n\r\n[1] See http://lists.gnupg.org/mailman/listinfo/gnupg-devel .\r\n\r\n-- \r\ng10 Code GmbH http://g10code.com AmtsGer. Wuppertal HRB 14459\r\nHuttenstr. 61 Geschaftsfuhrung Werner Koch\r\nD-40699 Erkrath -=- The GnuPG Experts -=- USt-Id DE215605608", "edition": 1, "modified": "2006-12-07T00:00:00", "published": "2006-12-07T00:00:00", "id": "SECURITYVULNS:DOC:15322", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:15322", "title": "GnuPG: remotely controllable function pointer [CVE-2006-6235]", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2020-07-09T00:28:01", "bulletinFamily": "unix", "cvelist": ["CVE-2006-6169", "CVE-2006-6235"], "description": "USN-389-1 and USN-393-1 fixed vulnerabilities in gnupg. This update \nprovides the corresponding updates for gnupg2.\n\nOriginal advisory details:\n\nA buffer overflow was discovered in GnuPG. By tricking a user into \nrunning gpg interactively on a specially crafted message, an attacker \ncould execute arbitrary code with the user's privileges. This \nvulnerability is not exposed when running gpg in batch mode. \n(CVE-2006-6169)\n\nTavis Ormandy discovered that gnupg was incorrectly using the stack. \nIf a user were tricked into processing a specially crafted message, an \nattacker could execute arbitrary code with the user's privileges. 
\n(CVE-2006-6235)", "edition": 6, "modified": "2006-12-07T00:00:00", "published": "2006-12-07T00:00:00", "id": "USN-393-2", "href": "https://ubuntu.com/security/notices/USN-393-2", "title": "GnuPG2 vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:27:25", "bulletinFamily": "unix", "cvelist": ["CVE-2006-6235"], "description": "Tavis Ormandy discovered that gnupg was incorrectly using the stack. If \na user were tricked into processing a specially crafted message, an \nattacker could execute arbitrary code with the user's privileges.", "edition": 6, "modified": "2006-12-07T00:00:00", "published": "2006-12-07T00:00:00", "id": "USN-393-1", "href": "https://ubuntu.com/security/notices/USN-393-1", "title": "GnuPG vulnerability", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:27:28", "bulletinFamily": "unix", "cvelist": ["CVE-2006-6169"], "description": "A buffer overflow was discovered in GnuPG. By tricking a user into \nrunning gpg interactively on a specially crafted message, an attacker \ncould execute arbitrary code with the user's privileges. 
This \nvulnerability is not exposed when running gpg in batch mode.", "edition": 16, "modified": "2006-11-29T00:00:00", "published": "2006-11-29T00:00:00", "id": "USN-389-1", "href": "https://ubuntu.com/security/notices/USN-389-1", "title": "GnuPG vulnerability", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2020-10-25T16:35:58", "bulletinFamily": "unix", "cvelist": ["CVE-2006-6169", "CVE-2006-6235"], "description": "New gnupg packages are available for Slackware 9.0, 9.1, 10.0, 10.1,\n10.2, and 11.0 to fix security issues.\n\nMore details about the issues may be found here:\n http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6235\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6169\n\n\nHere are the details from the Slackware 11.0 ChangeLog:\n\npatches/packages/gnupg-1.4.6-i486-1_slack11.0.tgz:\n Upgraded to gnupg-1.4.6. This release fixes a severe and exploitable\n bug in earlier versions of gnupg. All gnupg users should update to the\n new packages as soon as possible. For details, see the information\n concerning CVE-2006-6235 posted on lists.gnupg.org:\n http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html\n The CVE entry for this issue may be found here:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6235\n This update also addresses a more minor security issue possibly\n exploitable when GnuPG is used in interactive mode. For more information\n about that issue, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6169\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. 
This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\nfrom ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/gnupg-1.4.6-i386-1_slack9.0.tgz\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/gnupg-1.4.6-i486-1_slack9.1.tgz\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/gnupg-1.4.6-i486-1_slack10.0.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/gnupg-1.4.6-i486-1_slack10.1.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/gnupg-1.4.6-i486-1_slack10.2.tgz\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gnupg-1.4.6-i486-1_slack11.0.tgz\n\n\nMD5 signatures:\n\nSlackware 9.0 package:\nbc23c2e8fd1862a3749d7ea9478654e2 gnupg-1.4.6-i386-1_slack9.0.tgz\n\nSlackware 9.1 package:\n1ec4938e51b300f332696f76ce5476b5 gnupg-1.4.6-i486-1_slack9.1.tgz\n\nSlackware 10.0 package:\n8be8d0094be837dca5274c6ef17d0856 gnupg-1.4.6-i486-1_slack10.0.tgz\n\nSlackware 10.1 package:\nbdaf8c564a758fb13faecc8f030a8f3c gnupg-1.4.6-i486-1_slack10.1.tgz\n\nSlackware 10.2 package:\n1c9e9f1364086ccdb204d50d0ee87df2 gnupg-1.4.6-i486-1_slack10.2.tgz\n\nSlackware 11.0 package:\n8f0cd5490e5a12bddc4be418c6806fa3 gnupg-1.4.6-i486-1_slack11.0.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg gnupg-1.4.6-i486-1_slack11.0.tgz", "modified": "2006-12-06T22:27:00", "published": "2006-12-06T22:27:00", 
"id": "SSA-2006-340-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.489452", "type": "slackware", "title": "[slackware-security] gnupg", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-25T16:35:57", "bulletinFamily": "unix", "cvelist": ["CVE-2006-6169", "CVE-2006-6235"], "description": "Hello,\n\nAs many people have pointed out, the last advisory (SSA:2006-340-01)\nwas not signed with the usual Slackware Security Team key\n(fingerprint 40102233). I did some reconfiguration on the box that\ndoes the distribution signing and it had some unintended\nside-effects. :-/ Several CHECKSUMS.md5.asc files were also signed\nwith the wrong key.\n\nThe affected CHECKSUMS.md5 files have been resigned and uploaded, and\nthis announcement has also been signed (and verified :-) using the\nusual primary Slackware signing key.\n\nAlso, it was noticed that the URL given to lists.gnupg.org was either\nincorrect or has changed since the advisory was issued. This error\nhas also been corrected.\n\nSorry for any confusion.\n\nPat\n\nCorrected advisory follows:\n\n\n[slackware-security] gnupg (SSA:2006-340-01)\n\nNew gnupg packages are available for Slackware 9.0, 9.1, 10.0, 10.1,\n10.2, and 11.0 to fix security issues.\n\nMore details about the issues may be found here:\n http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000246.html\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6235\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6169\n\n\nHere are the details from the Slackware 11.0 ChangeLog:\n\npatches/packages/gnupg-1.4.6-i486-1_slack11.0.tgz:\n Upgraded to gnupg-1.4.6. This release fixes a severe and exploitable\n bug in earlier versions of gnupg. All gnupg users should update to the\n new packages as soon as possible. 
For details, see the information\n concerning CVE-2006-6235 posted on lists.gnupg.org:\n http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html\n The CVE entry for this issue may be found here:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6235\n This update also addresses a more minor security issue possibly\n exploitable when GnuPG is used in interactive mode. For more information\n about that issue, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6169\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\nfrom ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/gnupg-1.4.6-i386-1_slack9.0.tgz\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/gnupg-1.4.6-i486-1_slack9.1.tgz\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/gnupg-1.4.6-i486-1_slack10.0.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/gnupg-1.4.6-i486-1_slack10.1.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/gnupg-1.4.6-i486-1_slack10.2.tgz\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gnupg-1.4.6-i486-1_slack11.0.tgz\n\n\nMD5 signatures:\n\nSlackware 9.0 package:\nbc23c2e8fd1862a3749d7ea9478654e2 
gnupg-1.4.6-i386-1_slack9.0.tgz\n\nSlackware 9.1 package:\n1ec4938e51b300f332696f76ce5476b5 gnupg-1.4.6-i486-1_slack9.1.tgz\n\nSlackware 10.0 package:\n8be8d0094be837dca5274c6ef17d0856 gnupg-1.4.6-i486-1_slack10.0.tgz\n\nSlackware 10.1 package:\nbdaf8c564a758fb13faecc8f030a8f3c gnupg-1.4.6-i486-1_slack10.1.tgz\n\nSlackware 10.2 package:\n1c9e9f1364086ccdb204d50d0ee87df2 gnupg-1.4.6-i486-1_slack10.2.tgz\n\nSlackware 11.0 package:\n8f0cd5490e5a12bddc4be418c6806fa3 gnupg-1.4.6-i486-1_slack11.0.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg gnupg-1.4.6-i486-1_slack11.0.tgz", "modified": "2006-12-07T22:03:33", "published": "2006-12-07T22:03:33", "id": "SSA-2006-340-01B", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.558418", "type": "slackware", "title": "[slackware-security] gnupg [resigned]", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-24T12:51:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6169", "CVE-2006-6235"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-340-01.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:57701", "href": "http://plugins.openvas.org/nasl.php?oid=57701", "type": "openvas", "title": "Slackware Advisory SSA:2006-340-01 gnupg", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_340_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New gnupg packages are available for Slackware 9.0, 9.1, 10.0, 10.1,\n10.2, and 11.0 to fix security issues.\n\nMore details about the issues may be found here:\nhttp://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2006-340-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-340-01\";\n \nif(description)\n{\n script_id(57701);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2006-6235\", \"CVE-2006-6169\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2006-340-01 gnupg\";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.6-i386-1_slack9.0\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.6-i486-1_slack9.1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.6-i486-1_slack10.0\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.6-i486-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.6-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.6-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-10-09T15:24:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6169", "CVE-2006-6235"], "description": "The remote host is missing an update as announced\n via advisory SSA:2006-340-01b.", "modified": "2019-10-07T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231057712", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231057712", "type": "openvas", "title": "Slackware Advisory SSA:2006-340-01b gnupg [resigned]", "sourceData": "# OpenVAS Vulnerability Test\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# 
Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.57712\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"2019-10-07 14:34:48 +0000 (Mon, 07 Oct 2019)\");\n script_cve_id(\"CVE-2006-6235\", \"CVE-2006-6169\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"2019-10-07T14:34:48+0000\");\n script_name(\"Slackware Advisory SSA:2006-340-01b gnupg [resigned]\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(9\\.0|9\\.1|10\\.0|10\\.1|10\\.2|11\\.0)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-340-01b\");\n\n script_tag(name:\"insight\", value:\"As many people have pointed out, the last advisory (SSA:2006-340-01)\n was not signed with the usual Slackware Security Team key\n (fingerprint 40102233). I did some reconfiguration on the box that\n does the distribution signing and it had some unintended\n side-effects. :-/ Several CHECKSUMS.md5.asc files were also signed\n with the wrong key.\n\n The affected CHECKSUMS.md5 files have been resigned and uploaded, and\n this announcement has also been signed (and verified :-) using the\n usual primary Slackware signing key.\n\n Also, it was noticed that the URL given to lists.gnupg.org was either\n incorrect or has changed since the advisory was issued. 
This error\n has also been corrected.\n\n Sorry for any confusion.\n\n Pat\n\n Corrected advisory follows:\n\n +-----------+\n\n [slackware-security] gnupg (SSA:2006-340-01)\n\n New gnupg packages are available for Slackware 9.0, 9.1, 10.0, 10.1,\n 10.2, and 11.0 to fix security issues.\n\n More details about the issues are linked in the references.\");\n\n script_xref(name:\"URL\", value:\"http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000246.html\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\n via advisory SSA:2006-340-01b.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.6-i386-1_slack9.0\", rls:\"SLK9.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.6-i486-1_slack9.1\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.6-i486-1_slack10.0\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.6-i486-1_slack10.1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.6-i486-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.6-i486-1_slack11.0\", rls:\"SLK11.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-06T11:37:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6169", "CVE-2006-6235"], "description": "The remote host is missing updates to packages that affect\nthe security of your 
system. One or more of the following packages\nare affected:\n\n gpg\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5017544 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065204", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065204", "type": "openvas", "title": "SLES9: Security update for gpg", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5017544.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for gpg\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n gpg\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5017544 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65204\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-6169\", \"CVE-2006-6235\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for gpg\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.2.4~68.22\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-10-09T15:25:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6169", "CVE-2006-6235"], "description": "The remote host is missing an update as announced\n via advisory SSA:2006-340-01.", "modified": "2019-10-07T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231057701", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231057701", "type": "openvas", "title": "Slackware Advisory SSA:2006-340-01 gnupg", "sourceData": "# OpenVAS Vulnerability Test\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.57701\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"2019-10-07 14:34:48 +0000 (Mon, 07 Oct 2019)\");\n script_cve_id(\"CVE-2006-6235\", \"CVE-2006-6169\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"2019-10-07T14:34:48+0000\");\n script_name(\"Slackware Advisory SSA:2006-340-01 gnupg\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(9\\.0|9\\.1|10\\.0|10\\.1|10\\.2|11\\.0)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-340-01\");\n\n script_tag(name:\"insight\", value:\"New gnupg packages are available for Slackware 9.0, 9.1, 10.0, 10.1,\n 10.2, and 11.0 to fix security issues.\n\n More details about the issues are linked in the references.\");\n\n script_xref(name:\"URL\", value:\"http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\n via advisory SSA:2006-340-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.6-i386-1_slack9.0\", rls:\"SLK9.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.6-i486-1_slack9.1\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.6-i486-1_slack10.0\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.6-i486-1_slack10.1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.6-i486-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.6-i486-1_slack11.0\", rls:\"SLK11.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": 
{"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:50:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6169", "CVE-2006-6235"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-340-01b.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:57712", "href": "http://plugins.openvas.org/nasl.php?oid=57712", "type": "openvas", "title": "Slackware Advisory SSA:2006-340-01b gnupg [resigned]", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_340_01b.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Hello,\n\nAs many people have pointed out, the last advisory (SSA:2006-340-01)\nwas not signed with the usual Slackware Security Team key\n(fingerprint 40102233). 
I did some reconfiguration on the box that\ndoes the distribution signing and it had some unintended\nside-effects. :-/ Several CHECKSUMS.md5.asc files were also signed\nwith the wrong key.\n\nThe affected CHECKSUMS.md5 files have been resigned and uploaded, and\nthis announcement has also been signed (and verified :-) using the\nusual primary Slackware signing key.\n\nAlso, it was noticed that the URL given to lists.gnupg.org was either\nincorrect or has changed since the advisory was issued. This error\nhas also been corrected.\n\nSorry for any confusion.\n\nPat\n\nCorrected advisory follows:\n\n+-----------+\n\n[slackware-security] gnupg (SSA:2006-340-01)\n\nNew gnupg packages are available for Slackware 9.0, 9.1, 10.0, 10.1,\n10.2, and 11.0 to fix security issues.\n\nMore details about the issues may be found here:\nhttp://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000246.html\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2006-340-01b.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-340-01b\";\n \nif(description)\n{\n script_id(57712);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2006-6235\", \"CVE-2006-6169\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2006-340-01b gnupg [resigned] \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.6-i386-1_slack9.0\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.6-i486-1_slack9.1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.6-i486-1_slack10.0\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.6-i486-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.6-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"gnupg\", ver:\"1.4.6-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6169", "CVE-2006-6235"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200612-03.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:57942", "href": "http://plugins.openvas.org/nasl.php?oid=57942", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200612-03 (gnupg)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke 
<reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"GnuPG is vulnerable to a buffer overflow and an erroneous function pointer\ndereference that can result in the execution of arbitrary code.\";\ntag_solution = \"All GnuPG users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '=app-crypt/gnupg-1.4*'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200612-03\nhttp://bugs.gentoo.org/show_bug.cgi?id=156476\nhttp://bugs.gentoo.org/show_bug.cgi?id=156947\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200612-03.\";\n\n \n\nif(description)\n{\n script_id(57942);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-6169\", \"CVE-2006-6235\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo 
Security Advisory GLSA 200612-03 (gnupg)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"app-crypt/gnupg\", unaffected: make_list(\"ge 1.4.6\"), vulnerable: make_list(\"lt 1.4.6\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6169", "CVE-2006-6235"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n gpg\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5017544 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65204", "href": "http://plugins.openvas.org/nasl.php?oid=65204", "type": "openvas", "title": "SLES9: Security update for gpg", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5017544.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for gpg\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n gpg\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5017544 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65204);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-6169\", \"CVE-2006-6235\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for gpg\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gpg\", rpm:\"gpg~1.2.4~68.22\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6169", "CVE-2006-6235"], "description": "The 
remote host is missing an update to gnupg\nannounced via advisory DSA 1231-1.\n\nSeveral remote vulnerabilities have been discovered in the GNU privacy,\na free PGP replacement, which may lead to the execution of arbitrary code.\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2006-6169\n\nWerner Koch discovered that a buffer overflow in a sanitising function\nmay lead to execution of arbitrary code when running gnupg\ninteractively.\n\nCVE-2006-6235\n\nTavis Ormandy discovered that parsing a carefully crafted OpenPGP\npacket may lead to the execution of arbitrary code, as a function\npointer of an internal structure may be controlled through the\ndecryption routines.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:57709", "href": "http://plugins.openvas.org/nasl.php?oid=57709", "type": "openvas", "title": "Debian Security Advisory DSA 1231-1 (gnupg)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1231_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1231-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 1.4.1-1.sarge6.\n\nFor the upcoming stable distribution (etch) these problems have been\nfixed in version 1.4.6-1.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.4.6-1.\n\nWe recommend that you upgrade your gnupg packages.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201231-1\";\ntag_summary = \"The remote host is missing an update to gnupg\nannounced via advisory DSA 1231-1.\n\nSeveral remote vulnerabilities have been discovered in the GNU privacy,\na free PGP replacement, which may lead to the execution of arbitrary code.\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2006-6169\n\nWerner Koch discovered that a buffer overflow in a sanitising function\nmay lead to execution of arbitrary code when running gnupg\ninteractively.\n\nCVE-2006-6235\n\nTavis Ormandy discovered that parsing a carefully crafted OpenPGP\npacket may lead to the execution of arbitrary code, as a function\npointer of an internal structure may be controlled through the\ndecryption routines.\";\n\n\nif(description)\n{\n script_id(57709);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:17:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-6169\", \"CVE-2006-6235\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory 
DSA 1231-1 (gnupg)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"gnupg\", ver:\"1.4.1-1.sarge6\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3082", "CVE-2006-6169", "CVE-2006-6235", "CVE-2006-3746"], "description": "Check for the Version of gnupg", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861323", "href": "http://plugins.openvas.org/nasl.php?oid=861323", "type": "openvas", "title": "Fedora Update for gnupg FEDORA-2007-316", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnupg FEDORA-2007-316\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will 
be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnupg on Fedora Core 5\";\ntag_insight = \"GnuPG (GNU Privacy Guard) is a GNU utility for encrypting data and\n creating digital signatures. GnuPG has advanced key management\n capabilities and is compliant with the proposed OpenPGP Internet\n standard described in RFC2440. Since GnuPG doesn't use any patented\n algorithm, it is not compatible with any version of PGP2 (PGP2.x uses\n only IDEA for symmetric-key encryption, which is patented worldwide).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-March/msg00032.html\");\n script_id(861323);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:23:18 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-316\");\n script_cve_id(\"CVE-2006-6169\", \"CVE-2006-6235\", \"CVE-2006-3746\", \"CVE-2006-3082\");\n script_name( \"Fedora Update for gnupg FEDORA-2007-316\");\n\n script_summary(\"Check for the Version of gnupg\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local 
Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnupg\", rpm:\"gnupg~1.4.7~1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/gnupg\", rpm:\"x86_64/gnupg~1.4.7~1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/gnupg-debuginfo\", rpm:\"x86_64/debug/gnupg-debuginfo~1.4.7~1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/gnupg-debuginfo\", rpm:\"i386/debug/gnupg-debuginfo~1.4.7~1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/gnupg\", rpm:\"i386/gnupg~1.4.7~1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6235"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-20T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:57673", "href": "http://plugins.openvas.org/nasl.php?oid=57673", "type": "openvas", "title": "FreeBSD Ports: gnupg", "sourceData": "#\n#VID 
4db1669c-8589-11db-ac4f-02e081235dab\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: gnupg\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000246.html\nhttp://secunia.com/advisories/23245/\nhttp://www.vuxml.org/freebsd/4db1669c-8589-11db-ac4f-02e081235dab.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(57673);\n script_version(\"$Revision: 4118 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-20 07:32:38 +0200 (Tue, 20 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2006-6235\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n 
script_name(\"FreeBSD Ports: gnupg\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"gnupg\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.4.6\")<0) {\n txt += 'Package gnupg version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2019-12-20T18:24:15", "bulletinFamily": "unix", "cvelist": ["CVE-2006-6169", "CVE-2006-6235"], "description": "**CentOS Errata and Security Advisory** CESA-2006:0754\n\n\nGnuPG is a utility for encrypting data and creating digital signatures.\r\n\r\nTavis Ormandy discovered a stack overwrite flaw in the way GnuPG decrypts\r\nmessages. An attacker could create carefully crafted message that could cause\r\nGnuPG to execute arbitrary code if a victim attempts to decrypt the message.\r\n(CVE-2006-6235)\r\n\r\nA heap based buffer overflow flaw was found in the way GnuPG constructs\r\nmessages to be written to the terminal during an interactive session. 
An\r\nattacker could create a carefully crafted message which with user interaction\r\ncould cause GnuPG to execute arbitrary code with the permissions of the\r\nuser running GnuPG. (CVE-2006-6169)\r\n\r\nAll users of GnuPG are advised to upgrade to this updated package, which\r\ncontains a backported patch to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-December/025456.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-December/025457.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-December/025458.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-December/025459.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-December/025461.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-December/025463.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-December/025467.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-December/025468.html\n\n**Affected packages:**\ngnupg\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0754.html", "edition": 4, "modified": "2006-12-07T17:49:43", "published": "2006-12-06T18:36:40", "href": "http://lists.centos.org/pipermail/centos-announce/2006-December/025456.html", "id": "CESA-2006:0754", "title": "gnupg security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:28:23", "bulletinFamily": "unix", "cvelist": ["CVE-2006-6169", "CVE-2006-6235"], "description": "**CentOS Errata and Security Advisory** CESA-2006:0754-01\n\n\nGnuPG is a utility for encrypting data and creating digital signatures.\r\n\r\nTavis Ormandy discovered a stack overwrite flaw in the way GnuPG decrypts\r\nmessages. 
An attacker could create a carefully crafted message that could cause\r\nGnuPG to execute arbitrary code if a victim attempts to decrypt the message.\r\n(CVE-2006-6235)\r\n\r\nA heap based buffer overflow flaw was found in the way GnuPG constructs\r\nmessages to be written to the terminal during an interactive session. An\r\nattacker could create a carefully crafted message which, with user interaction,\r\ncould cause GnuPG to execute arbitrary code with the permissions of the\r\nuser running GnuPG. (CVE-2006-6169)\r\n\r\nAll users of GnuPG are advised to upgrade to this updated package, which\r\ncontains a backported patch to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-December/025464.html\n\n**Affected packages:**\ngnupg\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 4, "modified": "2006-12-07T03:18:30", "published": "2006-12-07T03:18:30", "href": "http://lists.centos.org/pipermail/centos-announce/2006-December/025464.html", "id": "CESA-2006:0754-01", "title": "gnupg security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:13:33", "bulletinFamily": "unix", "cvelist": ["CVE-2006-6169", "CVE-2006-6235"], "description": "Two security problems were fixed in the GNU Privacy Guard (GPG).\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2006-12-13T12:47:52", "published": "2006-12-13T12:47:52", "id": "SUSE-SA:2006:075", "href": "http://lists.opensuse.org/opensuse-security-announce/2006-12/msg00013.html", "type": "suse", "title": "remote code execution in gpg,gpg2", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:47:11", "bulletinFamily": "unix", "cvelist": ["CVE-2006-6169", "CVE-2006-6235"], "description": "GnuPG is a 
utility for encrypting data and creating digital signatures.\r\n\r\nTavis Ormandy discovered a stack overwrite flaw in the way GnuPG decrypts\r\nmessages. An attacker could create carefully crafted message that could cause\r\nGnuPG to execute arbitrary code if a victim attempts to decrypt the message.\r\n(CVE-2006-6235)\r\n\r\nA heap based buffer overflow flaw was found in the way GnuPG constructs\r\nmessages to be written to the terminal during an interactive session. An\r\nattacker could create a carefully crafted message which with user interaction\r\ncould cause GnuPG to execute arbitrary code with the permissions of the\r\nuser running GnuPG. (CVE-2006-6169)\r\n\r\nAll users of GnuPG are advised to upgrade to this updated package, which\r\ncontains a backported patch to correct these issues.", "modified": "2019-03-22T23:42:29", "published": "2006-12-06T05:00:00", "id": "RHSA-2006:0754", "href": "https://access.redhat.com/errata/RHSA-2006:0754", "type": "redhat", "title": "(RHSA-2006:0754) Important: gnupg security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:08", "bulletinFamily": "unix", "cvelist": ["CVE-2006-6169", "CVE-2006-6235"], "description": " [1.2.6-8]\n - incorporate patch from Werner to fix use of stack variable after it goes\n out of scope (CVE-2006-6235, #218480)\n \n [1.2.6-7]\n - add patch for overflow in openfile.c from Werner's mail (CVE-2006-6169) ", "edition": 4, "modified": "2006-12-11T00:00:00", "published": "2006-12-11T00:00:00", "id": "ELSA-2006-0754", "href": "http://linux.oracle.com/errata/ELSA-2006-0754.html", "title": "Important gnupg security update ", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:26", "bulletinFamily": "unix", "cvelist": ["CVE-2006-6169", "CVE-2006-6235"], "edition": 1, "description": "### Background\n\nThe GNU Privacy Guard, GnuPG, is a free replacement 
for the PGP suite of cryptographic software. \n\n### Description\n\nHugh Warrington has reported a boundary error in GnuPG, in the \"ask_outfile_name()\" function from openfile.c: the make_printable_string() function could return a string longer than expected. Additionally, Tavis Ormandy of the Gentoo Security Team reported a design error in which a function pointer can be incorrectly dereferenced. \n\n### Impact\n\nA remote attacker could entice a user to interactively use GnuPG on a crafted file and trigger the boundary error, which will result in a buffer overflow. They could also entice a user to process a signed or encrypted file with gpg or gpgv, possibly called through another application like a mail client, to trigger the dereference error. Both of these vulnerabilities would result in the execution of arbitrary code with the permissions of the user running GnuPG. gpg-agent, gpgsm and other tools are not affected. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll GnuPG users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \"=app-crypt/gnupg-1.4*\"", "modified": "2006-12-10T00:00:00", "published": "2006-12-10T00:00:00", "id": "GLSA-200612-03", "href": "https://security.gentoo.org/glsa/200612-03", "type": "gentoo", "title": "GnuPG: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-11-11T13:16:02", "bulletinFamily": "unix", "cvelist": ["CVE-2006-6169", "CVE-2006-6235"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1231-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nDecember 9th, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : gnupg\nVulnerability : several\nProblem-Type : 
local(remote)\nDebian-specific: no\nCVE ID : CVE-2006-6169 CVE-2006-6235\nDebian Bug : 401894 401898 401914\n\nSeveral remote vulnerabilities have been discovered in the GNU privacy,\na free PGP replacement, which may lead to the execution of arbitrary code.\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2006-6169\n\n Werner Koch discovered that a buffer overflow in a sanitising function\n may lead to execution of arbitrary code when running gnupg\n interactively.\n\nCVE-2006-6235\n\n Tavis Ormandy discovered that parsing a carefully crafted OpenPGP\n packet may lead to the execution of arbitrary code, as a function\n pointer of an internal structure may be controlled through the\n decryption routines.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.4.1-1.sarge6.\n\nFor the upcoming stable distribution (etch) these problems have been\nfixed in version 1.4.6-1.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.4.6-1.\n\nWe recommend that you upgrade your gnupg packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6.dsc\n Size/MD5 checksum: 680 f99d9936fdb3d87b37f719d4f507702a\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6.diff.gz\n Size/MD5 checksum: 22889 219b13435d4594c530614638590b65d3\n 
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1.orig.tar.gz\n Size/MD5 checksum: 4059170 1cc77c6943baaa711222e954bbd785e5\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_alpha.deb\n Size/MD5 checksum: 2156230 950520b2391eb6444593c66a8e96d6c3\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_amd64.deb\n Size/MD5 checksum: 1963738 589ab9ab433e000e919a38f558f54f5e\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_arm.deb\n Size/MD5 checksum: 1899822 158ed8fe21da9e2b8c730b3b2acce9a8\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_hppa.deb\n Size/MD5 checksum: 2004374 9daff80c38cf65bb299fb5ee370d44d6\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_i386.deb\n Size/MD5 checksum: 1909194 8752d3578b55a7fd1535bba18ca0770c\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_ia64.deb\n Size/MD5 checksum: 2325806 38fa7bb8def3d1a296aa6aa3432561a3\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_m68k.deb\n Size/MD5 checksum: 1811222 f51182d8badb7c2b0ef42b78c71be16d\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_mips.deb\n Size/MD5 checksum: 2001184 cc087abacd572bed64a2ab191d863946\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_mipsel.deb\n Size/MD5 checksum: 2007888 c42342dd898361ed9fcee1bdc8edc3e2\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_powerpc.deb\n Size/MD5 checksum: 1958036 ff8ee1d008561ce87732847e895024ec\n\n IBM S/390 architecture:\n\n 
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_s390.deb\n Size/MD5 checksum: 1967406 693212d3c1b12bf7f6f204daa0531f6a\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_sparc.deb\n Size/MD5 checksum: 1897740 3821e5e9e69241324d781fe78ed1ace7\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 9, "modified": "2006-12-09T00:00:00", "published": "2006-12-09T00:00:00", "id": "DEBIAN:DSA-1231-1:2437D", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00332.html", "title": "[SECURITY] [DSA 1231-1] New gnupg packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-17T14:44:16", "description": " - Specially crafted files could overflow a buffer when gpg\n was used in interactive mode (CVE-2006-6169).\n\n - Specially crafted files could modify a function pointer\n and execute code this way (CVE-2006-6235).", "edition": 24, "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : gpg (gpg-2388)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6169", "CVE-2006-6235"], "modified": "2007-10-17T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:gpg2", "p-cpe:/a:novell:opensuse:gpg"], "id": "SUSE_GPG-2388.NASL", "href": "https://www.tenable.com/plugins/nessus/27247", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and 
package checks in this plugin were\n# extracted from openSUSE Security Update gpg-2388.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27247);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-6169\", \"CVE-2006-6235\");\n\n script_name(english:\"openSUSE 10 Security Update : gpg (gpg-2388)\");\n script_summary(english:\"Check for the gpg-2388 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Specially crafted files could overflow a buffer when gpg\n was used in interactive mode (CVE-2006-6169).\n\n - Specially crafted files could modify a function pointer\n and execute code this way (CVE-2006-6235).\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gpg packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gpg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gpg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", 
\"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.2\", reference:\"gpg-1.4.5-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"gpg2-1.9.22-20.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gpg / gpg2\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:05:43", "description": "Updated GnuPG packages that fix two security issues are now available.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nGnuPG is a utility for encrypting data and creating digital\nsignatures.\n\nTavis Ormandy discovered a stack overwrite flaw in the way GnuPG\ndecrypts messages. An attacker could create carefully crafted message\nthat could cause GnuPG to execute arbitrary code if a victim attempts\nto decrypt the message. (CVE-2006-6235)\n\nA heap based buffer overflow flaw was found in the way GnuPG\nconstructs messages to be written to the terminal during an\ninteractive session. 
An attacker could create a carefully crafted\nmessage which with user interaction could cause GnuPG to execute\narbitrary code with the permissions of the user running GnuPG.\n(CVE-2006-6169)\n\nAll users of GnuPG are advised to upgrade to this updated package,\nwhich contains a backported patch to correct these issues.", "edition": 27, "published": "2006-12-11T00:00:00", "title": "RHEL 2.1 / 3 / 4 : gnupg (RHSA-2006:0754)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6169", "CVE-2006-6235"], "modified": "2006-12-11T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:gnupg"], "id": "REDHAT-RHSA-2006-0754.NASL", "href": "https://www.tenable.com/plugins/nessus/23798", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0754. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23798);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-6169\", \"CVE-2006-6235\");\n script_bugtraq_id(21306, 21462);\n script_xref(name:\"RHSA\", value:\"2006:0754\");\n\n script_name(english:\"RHEL 2.1 / 3 / 4 : gnupg (RHSA-2006:0754)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated GnuPG packages that fix two security issues are now available.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nGnuPG is a utility for encrypting data and creating digital\nsignatures.\n\nTavis Ormandy discovered a stack overwrite flaw in the way GnuPG\ndecrypts messages. An attacker could create carefully crafted message\nthat could cause GnuPG to execute arbitrary code if a victim attempts\nto decrypt the message. (CVE-2006-6235)\n\nA heap based buffer overflow flaw was found in the way GnuPG\nconstructs messages to be written to the terminal during an\ninteractive session. 
An attacker could create a carefully crafted\nmessage which with user interaction could cause GnuPG to execute\narbitrary code with the permissions of the user running GnuPG.\n(CVE-2006-6169)\n\nAll users of GnuPG are advised to upgrade to this updated package,\nwhich contains a backported patch to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-6169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-6235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2006:0754\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gnupg package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnupg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/12/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, 
Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(2\\.1|3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2006:0754\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"gnupg-1.0.7-20\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"gnupg-1.2.1-19\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"gnupg-1.2.6-8\")) flag++;\n\n if (flag)\n {\n 
security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnupg\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:25:04", "description": "Updated GnuPG packages that fix two security issues are now available.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nGnuPG is a utility for encrypting data and creating digital\nsignatures.\n\nTavis Ormandy discovered a stack overwrite flaw in the way GnuPG\ndecrypts messages. An attacker could create a carefully crafted message\nthat could cause GnuPG to execute arbitrary code if a victim attempts\nto decrypt the message. (CVE-2006-6235)\n\nA heap-based buffer overflow flaw was found in the way GnuPG\nconstructs messages to be written to the terminal during an\ninteractive session. 
An attacker could create a carefully crafted\nmessage which with user interaction could cause GnuPG to execute\narbitrary code with the permissions of the user running GnuPG.\n(CVE-2006-6169)\n\nAll users of GnuPG are advised to upgrade to this updated package,\nwhich contains a backported patch to correct these issues.", "edition": 26, "published": "2006-12-11T00:00:00", "title": "CentOS 3 / 4 : gnupg (CESA-2006:0754)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6169", "CVE-2006-6235"], "modified": "2006-12-11T00:00:00", "cpe": ["cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:gnupg", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2006-0754.NASL", "href": "https://www.tenable.com/plugins/nessus/23789", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0754 and \n# CentOS Errata and Security Advisory 2006:0754 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23789);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-6169\", \"CVE-2006-6235\");\n script_bugtraq_id(21306, 21462);\n script_xref(name:\"RHSA\", value:\"2006:0754\");\n\n script_name(english:\"CentOS 3 / 4 : gnupg (CESA-2006:0754)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated GnuPG packages that fix two security issues are now available.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nGnuPG is a utility for encrypting data and creating digital\nsignatures.\n\nTavis Ormandy discovered a stack 
overwrite flaw in the way GnuPG\ndecrypts messages. An attacker could create carefully crafted message\nthat could cause GnuPG to execute arbitrary code if a victim attempts\nto decrypt the message. (CVE-2006-6235)\n\nA heap based buffer overflow flaw was found in the way GnuPG\nconstructs messages to be written to the terminal during an\ninteractive session. An attacker could create a carefully crafted\nmessage which with user interaction could cause GnuPG to execute\narbitrary code with the permissions of the user running GnuPG.\n(CVE-2006-6169)\n\nAll users of GnuPG are advised to upgrade to this updated package,\nwhich contains a backported patch to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-December/013418.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?24f4faeb\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-December/013419.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2af605cc\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-December/013420.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f7e6a7f1\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-December/013421.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d17a0faf\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-December/013429.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bed57bac\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-December/013430.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8b0572ac\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gnupg package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnupg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/12/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"gnupg-1.2.1-19\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", reference:\"gnupg-1.2.6-8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnupg\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:43:52", "description": "From Red Hat Security Advisory 2006:0754 :\n\nUpdated GnuPG packages that fix two security issues are now available.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nGnuPG is a utility for encrypting data and creating digital\nsignatures.\n\nTavis Ormandy discovered a stack overwrite flaw in the way GnuPG\ndecrypts messages. An attacker could create a carefully crafted message\nthat could cause GnuPG to execute arbitrary code if a victim attempts\nto decrypt the message. (CVE-2006-6235)\n\nA heap-based buffer overflow flaw was found in the way GnuPG\nconstructs messages to be written to the terminal during an\ninteractive session. 
An attacker could create a carefully crafted\nmessage which with user interaction could cause GnuPG to execute\narbitrary code with the permissions of the user running GnuPG.\n(CVE-2006-6169)\n\nAll users of GnuPG are advised to upgrade to this updated package,\nwhich contains a backported patch to correct these issues.", "edition": 24, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : gnupg (ELSA-2006-0754)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6169", "CVE-2006-6235"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:gnupg", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2006-0754.NASL", "href": "https://www.tenable.com/plugins/nessus/67429", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2006:0754 and \n# Oracle Linux Security Advisory ELSA-2006-0754 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67429);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-6169\", \"CVE-2006-6235\");\n script_bugtraq_id(21306, 21462);\n script_xref(name:\"RHSA\", value:\"2006:0754\");\n\n script_name(english:\"Oracle Linux 4 : gnupg (ELSA-2006-0754)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2006:0754 :\n\nUpdated GnuPG packages that fix two security issues are now available.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nGnuPG is a utility for encrypting data and creating 
digital\nsignatures.\n\nTavis Ormandy discovered a stack overwrite flaw in the way GnuPG\ndecrypts messages. An attacker could create carefully crafted message\nthat could cause GnuPG to execute arbitrary code if a victim attempts\nto decrypt the message. (CVE-2006-6235)\n\nA heap based buffer overflow flaw was found in the way GnuPG\nconstructs messages to be written to the terminal during an\ninteractive session. An attacker could create a carefully crafted\nmessage which with user interaction could cause GnuPG to execute\narbitrary code with the permissions of the user running GnuPG.\n(CVE-2006-6169)\n\nAll users of GnuPG are advised to upgrade to this updated package,\nwhich contains a backported patch to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2006-December/000032.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gnupg package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnupg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, 
Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"gnupg-1.2.6-8\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"gnupg-1.2.6-8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnupg\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:44:17", "description": " - Specially crafted files 
could overflow a buffer when\n gpg2 was used in interactive mode (CVE-2006-6169).\n\n - Specially crafted files could modify a function pointer\n and execute code this way (CVE-2006-6235).", "edition": 24, "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : gpg2 (gpg2-2352)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6169", "CVE-2006-6235"], "modified": "2007-10-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:gpg2", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_GPG2-2352.NASL", "href": "https://www.tenable.com/plugins/nessus/27251", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gpg2-2352.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27251);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-6169\", \"CVE-2006-6235\");\n\n script_name(english:\"openSUSE 10 Security Update : gpg2 (gpg2-2352)\");\n script_summary(english:\"Check for the gpg2-2352 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Specially crafted files could overflow a buffer when\n gpg2 was used in interactive mode (CVE-2006-6169).\n\n - Specially crafted files could modify a function pointer\n and execute code this way (CVE-2006-6235).\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gpg2 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gpg2\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"gpg2-1.9.18-17.13\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gpg2\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:05:56", "description": "This update upgrades GnuPG to version 1.4.6, incorporating fixes for a\npotential buffer overflow (CVE-2006-6169) and referencing of a stack\nvariable after it passes out of 
scope (CVE-2006-6235).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "published": "2007-01-17T00:00:00", "title": "Fedora Core 5 : gnupg-1.4.6-1 (2006-1405)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6169", "CVE-2006-6235"], "modified": "2007-01-17T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gnupg", "cpe:/o:fedoraproject:fedora_core:5", "p-cpe:/a:fedoraproject:fedora:gnupg-debuginfo"], "id": "FEDORA_2006-1405.NASL", "href": "https://www.tenable.com/plugins/nessus/24066", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2006-1405.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24066);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_bugtraq_id(21306, 21462);\n script_xref(name:\"FEDORA\", value:\"2006-1405\");\n\n script_name(english:\"Fedora Core 5 : gnupg-1.4.6-1 (2006-1405)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update upgrades GnuPG to version 1.4.6, incorporating fixes for a\npotential buffer overflow (CVE-2006-6169) and referencing of a stack\nvariable after it passes out of scope (CVE-2006-6235).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2006-December/001063.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?289bba27\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnupg and / or gnupg-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnupg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnupg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = 
eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 5.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC5\", reference:\"gnupg-1.4.6-1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"gnupg-debuginfo-1.4.6-1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnupg / gnupg-debuginfo\");\n}\n", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:44:16", "description": " - Specially crafted files could overflow a buffer when\n gpg2 was used in interactive mode (CVE-2006-6169).\n\n - Specially crafted files could modify a function pointer\n and execute code this way (CVE-2006-6235).", "edition": 24, "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : gpg (gpg-2353)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6169", "CVE-2006-6235"], "modified": "2007-10-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:gpg", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_GPG-2353.NASL", "href": "https://www.tenable.com/plugins/nessus/27246", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gpg-2353.\n#\n# The text description of this plugin is (C) SUSE 
LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27246);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-6169\", \"CVE-2006-6235\");\n\n script_name(english:\"openSUSE 10 Security Update : gpg (gpg-2353)\");\n script_summary(english:\"Check for the gpg-2353 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Specially crafted files could overflow a buffer when\n gpg2 was used in interactive mode (CVE-2006-6169).\n\n - Specially crafted files could modify a function pointer\n and execute code this way (CVE-2006-6235).\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gpg package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gpg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = 
get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"gpg-1.4.2-23.12\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gpg\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:44:17", "description": " - Specially crafted files could overflow a buffer when\n gpg2 was used in interactive mode. (CVE-2006-6169)\n\n - Specially crafted files could modify a function pointer\n and execute code this way. 
(CVE-2006-6235)", "edition": 23, "published": "2007-12-13T00:00:00", "title": "SuSE 10 Security Update : gpg2 (ZYPP Patch Number 2354)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6169", "CVE-2006-6235"], "modified": "2007-12-13T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_GPG2-2354.NASL", "href": "https://www.tenable.com/plugins/nessus/29452", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29452);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-6169\", \"CVE-2006-6235\");\n\n script_name(english:\"SuSE 10 Security Update : gpg2 (ZYPP Patch Number 2354)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Specially crafted files could overflow a buffer when\n gpg2 was used in interactive mode. (CVE-2006-6169)\n\n - Specially crafted files could modify a function pointer\n and execute code this way. 
(CVE-2006-6235)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-6169.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-6235.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 2354.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:0, reference:\"gpg2-1.9.18-17.13\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"gpg2-1.9.18-17.13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) 
security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T09:10:18", "description": "New gnupg packages are available for Slackware 9.0, 9.1, 10.0, 10.1,\n10.2, and 11.0 to fix security issues.", "edition": 24, "published": "2007-02-18T00:00:00", "title": "Slackware 10.0 / 10.1 / 10.2 / 11.0 / 9.0 / 9.1 : gnupg (SSA:2006-340-01)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6169", "CVE-2006-6235"], "modified": "2007-02-18T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:9.0", "cpe:/o:slackware:slackware_linux:9.1", "p-cpe:/a:slackware:slackware_linux:gnupg", "cpe:/o:slackware:slackware_linux:10.1", "cpe:/o:slackware:slackware_linux:10.0", "cpe:/o:slackware:slackware_linux:11.0", "cpe:/o:slackware:slackware_linux:10.2"], "id": "SLACKWARE_SSA_2006-340-01.NASL", "href": "https://www.tenable.com/plugins/nessus/24662", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2006-340-01. 
The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24662);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-6169\", \"CVE-2006-6235\");\n script_xref(name:\"SSA\", value:\"2006-340-01\");\n\n script_name(english:\"Slackware 10.0 / 10.1 / 10.2 / 11.0 / 9.0 / 9.1 : gnupg (SSA:2006-340-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New gnupg packages are available for Slackware 9.0, 9.1, 10.0, 10.1,\n10.2, and 11.0 to fix security issues.\"\n );\n # http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000246.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000246.html\"\n );\n # http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.558418\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3ba847a6\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.489452\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cb76660b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gnupg package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:slackware:slackware_linux:gnupg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"9.0\", pkgname:\"gnupg\", pkgver:\"1.4.6\", pkgarch:\"i386\", pkgnum:\"1_slack9.0\")) flag++;\n\nif (slackware_check(osver:\"9.1\", pkgname:\"gnupg\", pkgver:\"1.4.6\", pkgarch:\"i486\", 
pkgnum:\"1_slack9.1\")) flag++;\n\nif (slackware_check(osver:\"10.0\", pkgname:\"gnupg\", pkgver:\"1.4.6\", pkgarch:\"i486\", pkgnum:\"1_slack10.0\")) flag++;\n\nif (slackware_check(osver:\"10.1\", pkgname:\"gnupg\", pkgver:\"1.4.6\", pkgarch:\"i486\", pkgnum:\"1_slack10.1\")) flag++;\n\nif (slackware_check(osver:\"10.2\", pkgname:\"gnupg\", pkgver:\"1.4.6\", pkgarch:\"i486\", pkgnum:\"1_slack10.2\")) flag++;\n\nif (slackware_check(osver:\"11.0\", pkgname:\"gnupg\", pkgver:\"1.4.6\", pkgarch:\"i486\", pkgnum:\"1_slack11.0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:44:16", "description": " - Specially crafted files could overflow a buffer when\n gpg2 was used in interactive mode. (CVE-2006-6169)\n\n - Specially crafted files could modify a function pointer\n and execute code this way. 
(CVE-2006-6235)", "edition": 23, "published": "2007-12-13T00:00:00", "title": "SuSE 10 Security Update : gpg (ZYPP Patch Number 2355)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6169", "CVE-2006-6235"], "modified": "2007-12-13T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_GPG-2355.NASL", "href": "https://www.tenable.com/plugins/nessus/29449", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29449);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-6169\", \"CVE-2006-6235\");\n\n script_name(english:\"SuSE 10 Security Update : gpg (ZYPP Patch Number 2355)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Specially crafted files could overflow a buffer when\n gpg2 was used in interactive mode. (CVE-2006-6169)\n\n - Specially crafted files could modify a function pointer\n and execute code this way. 
(CVE-2006-6235)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-6169.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-6235.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 2355.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:0, reference:\"gpg-1.4.2-23.12\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"gpg-1.4.2-23.12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) 
security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3082", "CVE-2006-3746", "CVE-2006-6169", "CVE-2006-6235"], "description": "GnuPG (GNU Privacy Guard) is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with any version of PGP2 (PGP2.x uses only IDEA for symmetric-key encryption, which is patented worldwide). ", "modified": "2007-03-12T19:15:32", "published": "2007-03-12T19:15:32", "id": "FEDORA:L2CJFWF6006929", "href": "", "type": "fedora", "title": "[SECURITY] Fedora Core 5 Update: gnupg-1.4.7-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "cvelist": ["CVE-2006-6235"], "description": "## Solution Description\nUpgrade to version 1.4.6 or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## References:\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm)\nSecurity Tracker: 1017349\n[Secunia Advisory ID:23269](https://secuniaresearch.flexerasoftware.com/advisories/23269/)\n[Secunia Advisory ID:23250](https://secuniaresearch.flexerasoftware.com/advisories/23250/)\n[Secunia Advisory ID:23303](https://secuniaresearch.flexerasoftware.com/advisories/23303/)\n[Secunia Advisory ID:23245](https://secuniaresearch.flexerasoftware.com/advisories/23245/)\n[Secunia Advisory ID:23299](https://secuniaresearch.flexerasoftware.com/advisories/23299/)\n[Secunia Advisory ID:23329](https://secuniaresearch.flexerasoftware.com/advisories/23329/)\n[Secunia Advisory ID:23290](https://secuniaresearch.flexerasoftware.com/advisories/23290/)\n[Secunia Advisory ID:23785](https://secuniaresearch.flexerasoftware.com/advisories/23785/)\n[Secunia Advisory ID:24047](https://secuniaresearch.flexerasoftware.com/advisories/24047/)\n[Secunia Advisory ID:23255](https://secuniaresearch.flexerasoftware.com/advisories/23255/)\n[Secunia Advisory ID:23284](https://secuniaresearch.flexerasoftware.com/advisories/23284/)\n[Secunia Advisory ID:23259](https://secuniaresearch.flexerasoftware.com/advisories/23259/)\n[Secunia Advisory ID:23513](https://secuniaresearch.flexerasoftware.com/advisories/23513/)\nRedHat RHSA: RHSA-2006:0754\nOther Advisory URL: http://www.ubuntu.com/usn/usn-393-1\nOther Advisory URL: http://www.ipcop.org/modules.php?op=modload&name=News&file=article&sid=31&mode=thread&order=0&thold=0\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:228\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc\nOther Advisory URL: http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html\nOther Advisory URL: https://issues.rpath.com/browse/RPL-835\nOther Advisory URL: 
http://www.us.debian.org/security/2006/dsa-1231\nOther Advisory URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.489452\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200612-03.xml\nOther Advisory URL: http://www.trustix.org/errata/2006/0070/\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-12/0107.html\nFrSIRT Advisory: 2006-4881\n[CVE-2006-6235](https://vulners.com/cve/CVE-2006-6235)\n", "edition": 1, "modified": "2006-12-06T14:48:48", "published": "2006-12-06T14:48:48", "href": "https://vulners.com/osvdb/OSVDB:31832", "id": "OSVDB:31832", "title": "GnuPG OpenPGP Packet Decryption Overflow", "type": "osvdb", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:27", "bulletinFamily": "software", "cvelist": ["CVE-2006-6169"], "description": "## Solution Description\nUpgrade to version 1.4.6 or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## References:\n[Vendor Specific Advisory URL](http://www.mandriva.com/security/advisories?name=MDKSA-2006:221)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm)\n[Vendor Specific Advisory URL](https://issues.rpath.com/browse/RPL-826)\n[Vendor Specific Advisory URL](http://www.trustix.org/errata/2006/0068/)\n[Secunia Advisory ID:23094](https://secuniaresearch.flexerasoftware.com/advisories/23094/)\n[Secunia Advisory ID:23146](https://secuniaresearch.flexerasoftware.com/advisories/23146/)\n[Secunia Advisory ID:23171](https://secuniaresearch.flexerasoftware.com/advisories/23171/)\n[Secunia Advisory ID:23269](https://secuniaresearch.flexerasoftware.com/advisories/23269/)\n[Secunia Advisory ID:23250](https://secuniaresearch.flexerasoftware.com/advisories/23250/)\n[Secunia Advisory ID:23303](https://secuniaresearch.flexerasoftware.com/advisories/23303/)\n[Secunia Advisory ID:25056](https://secuniaresearch.flexerasoftware.com/advisories/25056/)\n[Secunia Advisory ID:23299](https://secuniaresearch.flexerasoftware.com/advisories/23299/)\n[Secunia Advisory ID:23329](https://secuniaresearch.flexerasoftware.com/advisories/23329/)\n[Secunia Advisory ID:23785](https://secuniaresearch.flexerasoftware.com/advisories/23785/)\n[Secunia Advisory ID:24047](https://secuniaresearch.flexerasoftware.com/advisories/24047/)\n[Secunia Advisory ID:23110](https://secuniaresearch.flexerasoftware.com/advisories/23110/)\n[Secunia Advisory ID:23161](https://secuniaresearch.flexerasoftware.com/advisories/23161/)\n[Secunia Advisory ID:23284](https://secuniaresearch.flexerasoftware.com/advisories/23284/)\n[Secunia Advisory ID:23513](https://secuniaresearch.flexerasoftware.com/advisories/23513/)\nRedHat RHSA: RHSA-2006:0754\nOther Advisory URL: http://www.ipcop.org/modules.php?op=modload&name=News&file=article&sid=31&mode=thread&order=0&thold=0\nOther Advisory URL: 
http://lists.suse.com/archive/suse-security-announce/2007-May/0007.html\nOther Advisory URL: http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc\nOther Advisory URL: http://www.ubuntu.com/usn/usn-389-1\nOther Advisory URL: http://www.us.debian.org/security/2006/dsa-1231\nOther Advisory URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.489452\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200612-03.xml\nOther Advisory URL: http://www.trustix.org/errata/2006/0070/\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0541.html\n[CVE-2006-6169](https://vulners.com/cve/CVE-2006-6169)\n", "edition": 1, "modified": "2006-11-27T08:33:55", "published": "2006-11-27T08:33:55", "href": "https://vulners.com/osvdb/OSVDB:30720", "id": "OSVDB:30720", "title": "GnuPG ask_outfile_name Function Prompt Construction Overflow", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cert": [{"lastseen": "2020-09-18T20:42:58", "bulletinFamily": "info", "cvelist": ["CVE-2006-6235"], "description": "### Overview \n\nA vulnerability in GnuPG could allow a remote attacker to execute arbitrary code on an affected system.\n\n### Description \n\nGNU Privacy Guard (GnuPG) is the GNU project's implementation of the OpenPGP standard as defined by [RFC2440](<http://www.apps.ietf.org/rfc/rfc2440.html>).\n\nOpenPGP messages are processed by GnuPG using data structures called filters that are used in a way similar to pipelines in the shell. Context structures that are usually allocated on the stack and passed to the filter functions are used for communications between these filters. 
Before the context structure gets deallocated, the OpenPGP data stream that is fed into the filters is closed. In some cases, while decrypting encrypted packets, this may not happen and the filter may use a void context structure filled with garbage that is under the attacker's control. Another context is included in the filter context for use by the low-level decryption. The decryption algorithm is accessed by this context via a function pointer. \n \nAccording to [GnuPG](<http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000246.html>): \n_Using malformed OpenPGP packets an attacker is able to modify and dereference a function pointer in GnuPG. _ \n \nThe GnuPG advisory notes that both encrypted and signed data could be used as attack vectors for this vulnerability. \n \n--- \n \n### Impact \n\nA remote, unauthenticated attacker with the ability to supply specially crafted OpenPGP packets to a vulnerable version of GnuPG may be able to execute arbitrary code on an affected system. The attacker-supplied code would be executed with the privileges of the user or application invoking `gpg`. \n \n--- \n \n### Solution \n\n**Apply a patch or upgrade** \n \nPatches have been released to address this issue. Please see the Systems Affected section of this document for more details on specific vendors. \n \nUsers who compile GnuPG from the original distribution are encouraged to upgrade to version 1.4.6 (or later) or apply the [patch](<ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.5-1.4.6.diff.bz2>) to upgrade from 1.4.5 to 1.4.6. \n \n--- \n \n \n**Run with limited privileges** \n \nRunning GnuPG with reduced privileges may help mitigate the effects of this vulnerability. Note that this workaround will not prevent exploitation. \n \n--- \n \n### Vendor Information\n\n427009\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. 
Click here to view vendors.**\n\n### Debian GNU/Linux __ Affected\n\nNotified: December 18, 2006 Updated: December 21, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to Debian Security Advisory [dsa-1231](<http://www.us.debian.org/security/2006/dsa-1231>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23427009 Feedback>).\n\n### Gentoo Linux __ Affected\n\nNotified: December 18, 2006 Updated: December 21, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to Gentoo Linux Security Advisory [GLSA 200612-03](<http://www.gentoo.org/security/en/glsa/glsa-200612-03.xml>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23427009 Feedback>).\n\n### GnuPG __ Affected\n\nNotified: December 07, 2006 Updated: December 07, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe GnuPG development team has [published GnuPG version 1.4.6](<http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000246.html>) in response to this issue. 
Users who compile GnuPG from the original distribution are encouraged to upgrade to this version (or later) or apply the [patch](<ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.5-1.4.6.diff.bz2>) to upgrade from 1.4.5 to 1.4.6.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23427009 Feedback>).\n\n### Mandriva, Inc. __ Affected\n\nNotified: December 18, 2006 Updated: December 18, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nMandriva has corrected this issue with updated packages via advisory MDKSA-2006:228 (<http://www.mandriva.com/security/advisories?name=MDKSA-2006:228>)\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### OpenPKG __ Affected\n\nUpdated: December 21, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to OpenPKG Security Advisory [2006.037](<http://openpkg.com/go/OpenPKG-SA-2006.037>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23427009 Feedback>).\n\n### Openwall GNU/*/Linux __ Affected\n\nNotified: December 18, 2006 Updated: December 18, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have fixed this GnuPG vulnerability in Openwall GNU/*/Linux current as of 2006/12/06 and in 2.0-stable as of 2006/12/07.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Red Hat, Inc. 
__ Affected\n\nUpdated: December 07, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRed Hat has published Red Hat Security Advisory [RHSA-2006:0754](<https://rhn.redhat.com/errata/RHSA-2006-0754.html>) in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23427009 Feedback>).\n\n### SUSE Linux __ Affected\n\nNotified: December 18, 2006 Updated: December 19, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to SUSE Security Summary Report [SUSE-SR:2006:028](<http://www.novell.com/linux/security/advisories/2006_28_sr.html>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23427009 Feedback>).\n\n### Slackware Linux Inc. __ Affected\n\nUpdated: December 21, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe Slackware security team has published Slackware Security Advisory [SSA:2006-340-01](<http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.558418>) in response to this issue. 
Users are encouraged to review this response and apply the patches it refers to.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23427009 Feedback>).\n\n### Trustix Secure Linux __ Affected\n\nUpdated: December 11, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nPlease see [Trustix Secure Linux Security Advisory #2006-0070](<http://lists.trustix.org/pipermail/tsl-announce/2006-December/000447.html>) for more information.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23427009 Feedback>).\n\n### Ubuntu __ Affected\n\nUpdated: December 07, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe Ubuntu security team has published Ubuntu Security Notice [USN-393-1](<http://www.ubuntu.com/usn/usn-393-1>) in response to this issue. 
Users are encouraged to review this notice and apply the patches it refers to.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23427009 Feedback>).\n\n### rPath __ Affected\n\nUpdated: December 07, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`rPath Security Advisory: 2006-0227-1 \nPublished: 2006-12-06 \nProducts: rPath Linux 1 \nRating: Severe \nExposure Level Classification: \nIndirect Deterministic Privilege Escalation \nUpdated Versions: \ngnupg=/conary.rpath.com@rpl:devel//1/1.4.6-0.1- \n \nReferences: \n<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6235> \n<https://issues.rpath.com/browse/RPL-835> \n \nDescription: \nPrevious versions of the gnupg package will execute attacker-provided \ncode found in intentionally malformed OpenPGP packets. This allows an \nattacker to run arbitrary code as the user invoking gpg on the file \nthat contains the malformed packets.`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Apple Computer, Inc. Not Affected\n\nNotified: December 18, 2006 Updated: December 18, 2006 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Sun Microsystems, Inc. __ Not Affected\n\nNotified: December 18, 2006 Updated: December 21, 2006 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nSun does not ship GnuPG with Solaris and thus Solaris is not directly impacted by this issue. If a vulnerable version of GnuPG has been built and/or installed on a Solaris system then GnuPG will need to be updated to address this issue.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Conectiva Inc. 
Unknown\n\nNotified: December 18, 2006 Updated: December 18, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Cray Inc. Unknown\n\nNotified: December 18, 2006 Updated: December 18, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### EMC, Inc. (formerly Data General Corporation) Unknown\n\nNotified: December 18, 2006 Updated: December 18, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Engarde Secure Linux Unknown\n\nNotified: December 18, 2006 Updated: December 18, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### F5 Networks, Inc. Unknown\n\nNotified: December 18, 2006 Updated: December 18, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Fedora Project Unknown\n\nNotified: December 18, 2006 Updated: December 18, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### FreeBSD, Inc. 
Unknown\n\nNotified: December 18, 2006 Updated: December 18, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Fujitsu Unknown\n\nNotified: December 18, 2006 Updated: December 18, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Hewlett-Packard Company Unknown\n\nNotified: December 18, 2006 Updated: December 18, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Hitachi Unknown\n\nNotified: December 18, 2006 Updated: December 18, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IBM Corporation Unknown\n\nNotified: December 18, 2006 Updated: December 18, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IBM Corporation (zseries) Unknown\n\nNotified: December 18, 2006 Updated: December 18, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IBM eServer Unknown\n\nNotified: December 18, 2006 Updated: December 18, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have 
not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Immunix Communications, Inc. Unknown\n\nNotified: December 18, 2006 Updated: December 18, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Ingrian Networks, Inc. Unknown\n\nNotified: December 18, 2006 Updated: December 18, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Juniper Networks, Inc. Unknown\n\nNotified: December 18, 2006 Updated: December 18, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Microsoft Corporation Unknown\n\nNotified: December 18, 2006 Updated: December 18, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### MontaVista Software, Inc. 
Unknown\n\nNotified: December 18, 2006 Updated: December 18, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### NEC Corporation Unknown\n\nNotified: December 18, 2006 Updated: December 18, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### NetBSD Unknown\n\nNotified: December 18, 2006 Updated: December 18, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Novell, Inc. Unknown\n\nNotified: December 18, 2006 Updated: December 18, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### OpenBSD Unknown\n\nNotified: December 18, 2006 Updated: December 18, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### QNX, Software Systems, Inc. Unknown\n\nNotified: December 18, 2006 Updated: December 18, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Silicon Graphics, Inc. 
Unknown\n\nNotified: December 18, 2006 Updated: December 18, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Sony Corporation Unknown\n\nNotified: December 18, 2006 Updated: December 18, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### The SCO Group Unknown\n\nNotified: December 18, 2006 Updated: December 18, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Turbolinux Unknown\n\nNotified: December 18, 2006 Updated: December 18, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Unisys Unknown\n\nNotified: December 18, 2006 Updated: December 18, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Wind River Systems, Inc. 
Unknown\n\nNotified: December 18, 2006 Updated: December 18, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\nView all 43 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * <http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000245.html>\n * <http://secunia.com/advisories/23245/>\n * <http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html>\n * <http://secunia.com/advisories/23329/>\n * <http://secunia.com/advisories/23269/>\n * <http://secunia.com/advisories/23284/>\n * <http://secunia.com/advisories/23250/>\n * <http://secunia.com/advisories/23299/>\n * <http://secunia.com/advisories/23303/>\n * <http://secunia.com/advisories/23290/>\n * <http://secunia.com/advisories/23259/>\n * <http://secunia.com/advisories/24047/>\n\n### Acknowledgements\n\nThis issue was publicly reported by Werner Koch of the GnuPG project who, in turn, credits Tavis Ormandy of the Gentoo Security Team with its discovery.\n\nThis document was written by Chad R Dougherty and Chris Taschner.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2006-6235](<http://web.nvd.nist.gov/vuln/detail/CVE-2006-6235>) \n---|--- \n**Severity Metric:** | 9.11 \n**Date Public:** | 2006-12-06 \n**Date First Published:** | 2006-12-18 \n**Date Last Updated:** | 2007-02-06 20:46 UTC \n**Document Revision:** | 44 \n", "modified": "2007-02-06T20:46:00", "published": "2006-12-18T00:00:00", "id": "VU:427009", "href": "https://www.kb.cert.org/vuls/id/427009", "type": "cert", "title": "GnuPG vulnerable to remote data control", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:39", "bulletinFamily": "unix", "cvelist": ["CVE-2006-6235"], 
"description": "\nWerner Koch reports:\n\nGnuPG uses data structures called filters to process\n\t OpenPGP messages. These filters are used in a similar\n\t way as pipelines in the shell. For communication\n\t between these filters context structures are used.\tThese\n\t are usually allocated on the stack and passed to the\n\t filter functions. At most places the OpenPGP data stream\n\t fed into these filters is closed before the context\n\t structure gets deallocated. While decrypting encrypted\n\t packets, this may not happen in all cases and the filter\n\t may use a void context structure filled with garbage. An\n\t attacker may control this garbage.\tThe filter context\n\t includes another context used by the low-level decryption\n\t to access the decryption algorithm. This is done using a\n\t function pointer. By carefully crafting an OpenPGP\n\t message, an attacker may control this function pointer and\n\t call an arbitrary function of the process.\tObviously an\n\t exploit needs to be prepared for a specific version,\n\t compiler, libc, etc to be successful - but it is\n\t definitely doable.\nFixing this is obvious: We need to allocate the context on\n\t the heap and use a reference count to keep it valid as\n\t long as either the controlling code or the filter code\n\t needs it.\nWe have checked all other usages of such stack based\n\t filter contexts but fortunately found no other vulnerable\n\t places. 
This allows us to release a relatively small patch.\n\t However, for reasons of code cleanness and easier audits\n\t we will soon start to change all these stack based filter\n\t contexts to heap based ones.\n\n", "edition": 4, "modified": "2006-12-15T00:00:00", "published": "2006-12-04T00:00:00", "id": "4DB1669C-8589-11DB-AC4F-02E081235DAB", "href": "https://vuxml.freebsd.org/freebsd/4db1669c-8589-11db-ac4f-02e081235dab.html", "title": "gnupg -- remotely controllable function pointer", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}