Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3082

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-3082
Last Modified 07 Mar 2011 12:00:00
Published 19 Jun 2006 02:02:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3082

Summary

parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.

Vulnerable Systems

Application

  • Gnupg 1.4.3

  • Gnupg 1.9.20


References

XF - gnupg-parsepacket-bo(27245)

VUPEN - ADV-2006-2450

UBUNTU - USN-304-1

BID - 18554

BUGTRAQ - 20060629 rPSA-2006-0120-1 gnupg

REDHAT - RHSA-2006:0571

OPENPKG - OpenPKG-SA-2006.010

SUSE - SUSE-SR:2006:015

SUSE - SUSE-SR:2006:018

MANDRIVA - MDKSA-2006:110

DEBIAN - DSA-1115

DEBIAN - DSA-1107

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-167.htm

SLACKWARE - SSA:2006-178-02

SECTRACK - 1016519

SECUNIA - 21585

SECUNIA - 21143

SECUNIA - 21137

SECUNIA - 21135

SECUNIA - 21063

SECUNIA - 20968

SECUNIA - 20899

SECUNIA - 20881

SECUNIA - 20829

SECUNIA - 20811

SECUNIA - 20801

SECUNIA - 20783

FULLDISC - 20060601 Re: GnuPG fun

FULLDISC - 20060531 RE: GnuPG fun

FULLDISC - 20060531 GnuPG fun

CONFIRM - http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/parse-packet.c?rev=4157&r1=4141&r2=4157

SGI - 20060701-01-U


Last Updated: 27 May 2016 10:42:52