Detections
Analytics
Debian DSA-1231-1 : gnupg - several vulnerabilities
critical Nessus Plugin ID 23792
Synopsis
The remote Debian host is missing a security-related update.Description
Several remote vulnerabilities have been discovered in the GNU privacy guard, a free PGP replacement, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems :- CVE-2006-6169 Werner Koch discovered that a buffer overflow in a sanitising function may lead to execution of arbitrary code when running gnupg interactively.
- CVE-2006-6235 Tavis Ormandy discovered that parsing a carefully crafted OpenPGP packet may lead to the execution of arbitrary code, as a function pointer of an internal structure may be controlled through the decryption routines.
Solution
Upgrade the gnupg packages.For the stable distribution (sarge) these problems have been fixed in version 1.4.1-1.sarge6.
For the upcoming stable distribution (etch) these problems have been fixed in version 1.4.6-1.
See Also
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=401894
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=401898
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=401914
https://security-tracker.debian.org/tracker/CVE-2006-6169
Plugin Details
Severity: Critical
ID: 23792
File Name: debian_DSA-1231.nasl
Version: 1.17
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 12/11/2006
Updated: 1/4/2021
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.8
CVSS v2
Risk Factor: Critical
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:gnupg, cpe:/o:debian:debian_linux:3.1
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Patch Publication Date: 12/9/2006
Vulnerability Publication Date: 11/27/2006
Reference Information
CVE: CVE-2006-6169, CVE-2006-6235
DSA: 1231