GnuPG Multiple Potential Vulnerabilities
BID:22064
Info
GnuPG Multiple Potential Vulnerabilities
| Bugtraq ID: | 22064 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 15 2007 12:00AM |
| Updated: | Jan 16 2007 06:00PM |
| Credit: | These issues were discovered by Felix von Leitner <[email protected]>. |
| Vulnerable: |
GNU GNU Privacy Guard 1.4.6 |
| Not Vulnerable: | |
Discussion
GnuPG Multiple Potential Vulnerabilities
GnuPG is potentially prone to multiple remote vulnerabilities. These issues are only 'potential' vulnerabilities, becuase they arise due to a code audit resulting in patches designed to add bounds checking and other fixes to the source code. The code audit lacked sufficient detail to determine if the fixes address actual vulnerabilities.
Reportedly, these issues are due primarily to integer-overflow and buffer-overflow flaws. Other issues may also be present. Successfully exploiting the issues may allow an attacker to execute arbitrary code in the context of the affected application.
The audit was performed on GnuPG version 1.4.6; therefore, if these issues are actual vulnerabilities they will affect that version. Other versions may also be affected.
GnuPG is potentially prone to multiple remote vulnerabilities. These issues are only 'potential' vulnerabilities, becuase they arise due to a code audit resulting in patches designed to add bounds checking and other fixes to the source code. The code audit lacked sufficient detail to determine if the fixes address actual vulnerabilities.
Reportedly, these issues are due primarily to integer-overflow and buffer-overflow flaws. Other issues may also be present. Successfully exploiting the issues may allow an attacker to execute arbitrary code in the context of the affected application.
The audit was performed on GnuPG version 1.4.6; therefore, if these issues are actual vulnerabilities they will affect that version. Other versions may also be affected.
Exploit / POC
GnuPG Multiple Potential Vulnerabilities
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution / Fix
GnuPG Multiple Potential Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
References
GnuPG Multiple Potential Vulnerabilities
References:
References:
- [Full-disclosure] gnupg diff available (Felix von Leitner
- GnuPG Homepage (GnuPG)