parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.

The remote BIG-IP device is missing a patch required by a security advisory.

It is possible to crash (denial of service) the GNU Privacy Guard (gpg) by supplying a specifically crafted message specifying a very large UID, which leads to an out of memory situation or an integer overflow.

It is unclear if this problem can be exploited to execute code.

This issue is tracked by the Mitre CVE ID CVE-2006-3082.

Evgeny Legerov discovered that GnuPG did not sufficiently check overly large user ID packets. Specially crafted user IDs caused a buffer overflow. By tricking an user or remote automated system into processing a malicous GnuPG message, an attacker could exploit this to crash GnuPG or possibly even execute arbitrary code.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It is possible to crash (denial of service) the GNU Privacy Guard (gpg) by supplying a specifically crafted message specifying a very large UID, which leads to an out of memory situation or an integer overflow. It is unclear if this problem can be exploited to execute code. This issue is tracked by the Mitre CVE ID CVE-2006-3082.

Evgeny Legerov discovered that gnupg, the GNU privacy guard, a free PGP replacement contains an integer overflow that can cause a segmentation fault and possibly overwrite memory via a large user ID string.

An updated GnuPG package that fixes a security issue is now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

GnuPG is a utility for encrypting data and creating digital signatures.

An integer overflow flaw was found in GnuPG. An attacker could create a carefully crafted message packet with a large length that could cause GnuPG to crash or possibly overwrite memory when opened.
(CVE-2006-3082)

All users of GnuPG are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

New GnuPG packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix security issues which could allow an attacker to crash gnupg and possibly overwrite memory which could lead to an integer overflow.

If GnuPG processes a userid with a very long packet length, GnuPG can crash due to insufficient bounds check. This can result in a denial-of-service condition or potentially execution of arbitrary code with the privileges of the user running GnuPG.

A vulnerability was discovered in GnuPG 1.4.3 and 1.9.20 (and earlier) that could allow a remote attacker to cause gpg to crash and possibly overwrite memory via a message packet with a large length.

The updated packages have been patched to correct these issues.

ID	Name	Product	Family	Severity
78208	F5 Networks BIG-IP : Denial of service vulnerability in GnuPG (SOL6535)	Nessus	F5 Networks Local Security Checks	medium
29451	SuSE 10 Security Update : gpg2 (ZYPP Patch Number 1834)	Nessus	SuSE Local Security Checks	medium
27879	Ubuntu 5.04 / 5.10 / 6.06 LTS : gnupg vulnerability (USN-304-1)	Nessus	Ubuntu Local Security Checks	medium
27249	openSUSE 10 Security Update : gpg2 (gpg2-1835)	Nessus	SuSE Local Security Checks	medium
27244	openSUSE 10 Security Update : gpg (gpg-1664)	Nessus	SuSE Local Security Checks	medium
22657	Debian DSA-1115-1 : gnupg2 - integer overflow	Nessus	Debian Local Security Checks	medium
22649	Debian DSA-1107-1 : gnupg - integer overflow	Nessus	Debian Local Security Checks	medium
22069	RHEL 2.1 / 3 / 4 : gnupg (RHSA-2006:0571)	Nessus	Red Hat Local Security Checks	medium
22065	CentOS 3 / 4 : gnupg (CESA-2006:0571)	Nessus	CentOS Local Security Checks	medium
21766	Slackware 10.0 / 10.1 / 10.2 / 9.0 / 9.1 / current : gnupg DoS (SSA:2006-178-02)	Nessus	Slackware Local Security Checks	medium
21756	FreeBSD : gnupg -- user id integer overflow vulnerability (f900bda8-0472-11db-bbf7-000c6ec775d9)	Nessus	FreeBSD Local Security Checks	medium
21754	Mandrake Linux Security Advisory : gnupg (MDKSA-2006:110)	Nessus	Mandriva Local Security Checks	medium

Detections

Analytics

CVE-2006-3082

high

Tenable Plugins

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium