Lucene search

[email protected]NVD:CVE-2006-6235

HistoryDec 07, 2006 - 11:28 a.m.

CVE-2006-6235

2006-12-0711:28:00

[email protected]

web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.1 High

AI Score

Confidence

Low

0.056 Low

EPSS

Percentile

93.3%

JSON

A “stack overwrite” vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.

Affected configurations

NVD

Node

gnuprivacy_guardMatch1.2.4

gnuprivacy_guardMatch1.2.5

gnuprivacy_guardMatch1.2.6

gnuprivacy_guardMatch1.2.7

gnuprivacy_guardMatch1.3.3

gnuprivacy_guardMatch1.3.4

gnuprivacy_guardMatch1.4

gnuprivacy_guardMatch1.4.1

gnuprivacy_guardMatch1.4.2

gnuprivacy_guardMatch1.4.2.1

gnuprivacy_guardMatch1.4.2.2

gnuprivacy_guardMatch1.4.3

gnuprivacy_guardMatch1.4.4

gnuprivacy_guardMatch1.4.5

gnuprivacy_guardMatch1.9.10

gnuprivacy_guardMatch1.9.15

gnuprivacy_guardMatch1.9.20

gnuprivacy_guardMatch2.0

gnuprivacy_guardMatch2.0.1

gpg4wingpg4winMatch1.0.7

Node

redhatenterprise_linuxMatch4.0advanced_server

redhatenterprise_linuxMatch4.0enterprise_server

redhatenterprise_linuxMatch4.0workstation

redhatenterprise_linux_desktopMatch3.0

redhatenterprise_linux_desktopMatch4.0

redhatfedora_coreMatchcore_5.0

redhatfedora_coreMatchcore6

redhatlinux_advanced_workstationMatch2.1itanium_processor

rpathlinuxMatch1

slackwareslackware_linuxMatch11.0

ubuntuubuntu_linuxMatch5.10

ubuntuubuntu_linuxMatch6.06

References

ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc

lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html

lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html

secunia.com/advisories/23245

secunia.com/advisories/23250

secunia.com/advisories/23255

secunia.com/advisories/23259

secunia.com/advisories/23269

secunia.com/advisories/23284

secunia.com/advisories/23290

secunia.com/advisories/23299

secunia.com/advisories/23303

secunia.com/advisories/23329

secunia.com/advisories/23335

secunia.com/advisories/23513

secunia.com/advisories/24047

security.gentoo.org/glsa/glsa-200612-03.xml

securitytracker.com/id?1017349

support.avaya.com/elmodocs2/security/ASA-2007-047.htm

www.debian.org/security/2006/dsa-1231

www.kb.cert.org/vuls/id/427009

www.mandriva.com/security/advisories?name=MDKSA-2006:228

www.novell.com/linux/security/advisories/2006_28_sr.html

www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html

www.redhat.com/support/errata/RHSA-2006-0754.html

www.securityfocus.com/archive/1/453664/100/0/threaded

www.securityfocus.com/archive/1/453723/100/0/threaded

www.securityfocus.com/bid/21462

www.trustix.org/errata/2006/0070

www.ubuntu.com/usn/usn-393-1

www.ubuntu.com/usn/usn-393-2

www.vupen.com/english/advisories/2006/4881

exchange.xforce.ibmcloud.com/vulnerabilities/30711

issues.rpath.com/browse/RPL-835

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11245

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.1 High

AI Score

Confidence

Low

0.056 Low

EPSS

Percentile

93.3%

JSON

Related for NVD:CVE-2006-6235

cert1 openvas16 ubuntucve1 cve1 cvelist1 securityvulns1 nessus17 ubuntu2 debiancve1 freebsd1 oraclelinux1 centos2 slackware2 redhat1 gentoo1 suse1 debian1 osv1 fedora1