Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-393-2
HistoryDec 07, 2006 - 12:00 a.m.

GnuPG2 vulnerabilities

2006-12-0700:00:00
ubuntu.com
27

7.6 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.056 Low

EPSS

Percentile

93.2%

JSON

Releases

  • Ubuntu 6.10

Details

USN-389-1 and USN-393-1 fixed vulnerabilities in gnupg. This update
provides the corresponding updates for gnupg2.

Original advisory details:

A buffer overflow was discovered in GnuPG. By tricking a user into
running gpg interactively on a specially crafted message, an attacker
could execute arbitrary code with the user’s privileges. This
vulnerability is not exposed when running gpg in batch mode.
(CVE-2006-6169)

Tavis Ormandy discovered that gnupg was incorrectly using the stack.
If a user were tricked into processing a specially crafted message, an
attacker could execute arbitrary code with the user’s privileges.
(CVE-2006-6235)

OSVersionArchitecturePackageVersionFilename
Ubuntu6.10noarchgnupg2< 1.9.21-0ubuntu5.2UNKNOWN

Related

nessus 19
openvas 16
suse 1
slackware 2
gentoo 1
osv 1
debian 1
redhat 1
oraclelinux 1
centos 2
fedora 1
securityvulns 1
ubuntu 1
debiancve 2
cve 2
ubuntucve 2
freebsd 1
cert 1
nessus
nessus
RHEL 2.1 / 3 / 4 : gnupg (RHSA-2006:0754)
2006-12-11 00:00:00
openSUSE 10 Security Update : gpg2 (gpg2-2352)
2007-10-17 00:00:00
CentOS 3 / 4 : gnupg (CESA-2006:0754)
2006-12-11 00:00:00
openvas
openvas
Debian Security Advisory DSA 1231-1 (gnupg)
2008-01-17 00:00:00
Slackware Advisory SSA:2006-340-01b gnupg [resigned]
2012-09-11 00:00:00
Ubuntu: Security Advisory (USN-393-2)
2022-08-26 00:00:00
suse
suse
remote code execution in gpg,gpg2
2006-12-13 12:47:52
slackware
slackware
[slackware-security] gnupg [resigned]
2006-12-07 22:03:33
[slackware-security] gnupg
2006-12-06 22:27:00
gentoo
gentoo
GnuPG: Multiple vulnerabilities
2006-12-10 00:00:00
osv
osv
gnupg
2006-12-09 00:00:00
debian
debian
[SECURITY] [DSA 1231-1] New gnupg packages fix arbitrary code execution
2006-12-09 00:00:00
redhat
redhat
(RHSA-2006:0754) Important: gnupg security update
2006-12-06 00:00:00
oraclelinux
oraclelinux
Important gnupg security update
2006-12-11 00:00:00
centos
centos
gnupg security update
2006-12-06 18:36:40
gnupg security update
2006-12-07 03:18:30
fedora
fedora
[SECURITY] Fedora Core 5 Update: gnupg-1.4.7-1
2007-03-12 19:15:32
securityvulns
securityvulns
GnuPG: remotely controllable function pointer [CVE-2006-6235]
2006-12-07 00:00:00
ubuntu
ubuntu
GnuPG vulnerability
2006-12-07 00:00:00
debiancve
debiancve
CVE-2006-6235
2006-12-07 11:28:00
CVE-2006-6169
2006-11-29 18:28:00
cve
cve
CVE-2006-6169
2006-11-29 18:28:00
CVE-2006-6235
2006-12-07 11:28:00
ubuntucve
ubuntucve
CVE-2006-6169
2006-11-29 00:00:00
CVE-2006-6235
2006-12-07 00:00:00
freebsd
freebsd
gnupg -- remotely controllable function pointer
2006-12-04 00:00:00
cert
cert
GnuPG vulnerable to remote data control
2006-12-18 00:00:00

7.6 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.056 Low

EPSS

Percentile

93.2%

JSON
Related for USN-393-2
nessus19openvas16suse1slackware2gentoo1osv1debian1redhat1oraclelinux1centos2fedora1securityvulns1ubuntu1debiancve2cve2ubuntucve2freebsd1cert1