Vulnerability CVE-2006-6235


Published: 2006-12-07   Modified: 2012-02-12

Description:
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Ubuntu -> Ubuntu linux 
Slackware -> Slackware linux 
Rpath -> Linux 
Redhat -> Enterprise linux 
Redhat -> Enterprise linux desktop 
Redhat -> Fedora core 
Redhat -> Linux advanced workstation 
Gpg4win -> Gpg4win 
GNU -> Privacy guard 

 References:
ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc
http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html
http://security.gentoo.org/glsa/glsa-200612-03.xml
http://securitytracker.com/id?1017349
http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm
http://www.debian.org/security/2006/dsa-1231
http://www.kb.cert.org/vuls/id/427009
http://www.mandriva.com/security/advisories?name=MDKSA-2006:228
http://www.novell.com/linux/security/advisories/2006_28_sr.html
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html
http://www.redhat.com/support/errata/RHSA-2006-0754.html
http://www.securityfocus.com/archive/1/453664/100/0/threaded
http://www.securityfocus.com/archive/1/453723/100/0/threaded
http://www.securityfocus.com/bid/21462
http://www.trustix.org/errata/2006/0070
http://www.ubuntu.com/usn/usn-393-1
http://www.ubuntu.com/usn/usn-393-2
http://www.vupen.com/english/advisories/2006/4881
https://exchange.xforce.ibmcloud.com/vulnerabilities/30711
https://issues.rpath.com/browse/RPL-835
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11245

Copyright 2021, cxsecurity.com

 

Back to Top