Vulnerability CVE-2006-6235


Published: 2006-12-07   Modified: 2012-02-12

Description:
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.

Type:

CWE-Other

Vendor: Redhat
Product: Fedora core 
Version: core_5.0; core6;
Product: Enterprise linux desktop 
Version: 4.0; 3.0;
Product: Enterprise linux 
Version: 4.0;
Product: Linux advanced workstation 
Version: 2.1;
Vendor: Ubuntu
Product: Ubuntu linux 
Version: 6.06; 5.10;
Vendor: GNU
Product: Privacy guard 
Version:
2.0.1
2.0
1.9.20
1.9.15
1.9.10
1.4.5
1.4.4
1.4.3
1.4.2.2
1.4.2.1
1.4.2
1.4.1
1.4
1.3.4
1.3.3
1.2.7
1.2.6
1.2.5
1.2.4
Vendor: Slackware
Product: Slackware linux 
Version: 11.0;
Vendor: Gpg4win
Product: Gpg4win 
Version: 1.0.7;
Vendor: Rpath
Product: Linux 
Version: 1;

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc
http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html
http://security.gentoo.org/glsa/glsa-200612-03.xml
http://securitytracker.com/id?1017349
http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm
http://www.debian.org/security/2006/dsa-1231
http://www.kb.cert.org/vuls/id/427009
http://www.mandriva.com/security/advisories?name=MDKSA-2006:228
http://www.novell.com/linux/security/advisories/2006_28_sr.html
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html
http://www.redhat.com/support/errata/RHSA-2006-0754.html
http://www.securityfocus.com/archive/1/453664/100/0/threaded
http://www.securityfocus.com/archive/1/453723/100/0/threaded
http://www.securityfocus.com/bid/21462
http://www.trustix.org/errata/2006/0070
http://www.ubuntu.com/usn/usn-393-1
http://www.ubuntu.com/usn/usn-393-2
http://www.vupen.com/english/advisories/2006/4881
https://exchange.xforce.ibmcloud.com/vulnerabilities/30711
https://issues.rpath.com/browse/RPL-835
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11245

Related CVE
CVE-2008-4832
rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. NOTE: this issue exists because of a race condition in an incorrect fi...
CVE-2008-3138
The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors.
CVE-2008-3139
The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error.
CVE-2008-2139
The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain p...
CVE-2008-2140
Cross-site request forgery (CSRF) vulnerability in the rootpw plugin in rPath Appliance Platform Agent 2 and 3 allows remote attackers to reset the root password as the administrator via a crafted URL.
CVE-2008-1078
expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1.
CVE-2007-5962
Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a ...
CVE-2007-5686
initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certa...

Copyright 2019, cxsecurity.com

 

Back to Top