Podatność CVE-2006-6235


Publikacja: 2006-12-07   Modyfikacja: 2012-02-12

Opis:
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.

Typ:

CWE-Other

Producent: Redhat
Produkt: Fedora core 
Wersje: core_5.0; core6;
Produkt: Enterprise linux desktop 
Wersje: 4.0; 3.0;
Produkt: Enterprise linux 
Wersje: 4.0;
Produkt: Linux advanced workstation 
Wersje: 2.1;
Producent: Ubuntu
Produkt: Ubuntu linux 
Wersje: 6.06; 5.10;
Producent: GNU
Produkt: Privacy guard 
Wersje:
2.0.1
2.0
1.9.20
1.9.15
1.9.10
1.4.5
1.4.4
1.4.3
1.4.2.2
1.4.2.1
1.4.2
1.4.1
1.4
1.3.4
1.3.3
1.2.7
1.2.6
1.2.5
1.2.4
Producent: Slackware
Produkt: Slackware linux 
Wersje: 11.0;
Producent: Gpg4win
Produkt: Gpg4win 
Wersje: 1.0.7;
Producent: Rpath
Produkt: Linux 
Wersje: 1;

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
10/10
10/10
10/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Niska
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Pełny
Pełny
Pełny

 Referencje:
ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc
http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html
http://security.gentoo.org/glsa/glsa-200612-03.xml
http://securitytracker.com/id?1017349
http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm
http://www.debian.org/security/2006/dsa-1231
http://www.kb.cert.org/vuls/id/427009
http://www.mandriva.com/security/advisories?name=MDKSA-2006:228
http://www.novell.com/linux/security/advisories/2006_28_sr.html
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html
http://www.redhat.com/support/errata/RHSA-2006-0754.html
http://www.securityfocus.com/archive/1/453664/100/0/threaded
http://www.securityfocus.com/archive/1/453723/100/0/threaded
http://www.securityfocus.com/bid/21462
http://www.trustix.org/errata/2006/0070
http://www.ubuntu.com/usn/usn-393-1
http://www.ubuntu.com/usn/usn-393-2
http://www.vupen.com/english/advisories/2006/4881
https://exchange.xforce.ibmcloud.com/vulnerabilities/30711
https://issues.rpath.com/browse/RPL-835
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11245

Podobne CVE
CVE-2008-4832
rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. NOTE: this issue exists because of a race condition in an incorrect fi...
CVE-2008-3138
The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors.
CVE-2008-3139
The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error.
CVE-2008-2139
The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain p...
CVE-2008-2140
Cross-site request forgery (CSRF) vulnerability in the rootpw plugin in rPath Appliance Platform Agent 2 and 3 allows remote attackers to reset the root password as the administrator via a crafted URL.
CVE-2008-1078
expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1.
CVE-2007-5962
Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a ...
CVE-2007-5686
initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certa...

Copyright 2019, cxsecurity.com

 

Back to Top