Vulnerabilities > CVE-2001-0522 - Unspecified vulnerability in GNU Privacy Guard 7.1/7.2/8.0

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Tags: network, low complexity, gnu, nessus, exploit available

Summary

Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file.

Vulnerable Configurations

Part         Description   Count
Application  Gnu           3

Exploit-Db

description: GNU Privacy Guard 1.0.x Format String Vulnerability. CVE-2001-0522. Remote exploit for multiple platforms
id: EDB-ID:20889
last seen: 2016-02-02
modified: 2001-05-29
published: 2001-05-29
reporter: fish stiqz
source: https://www.exploit-db.com/download/20889/
title: GNU Privacy Guard 1.0.x - Format String Vulnerability

Nessus

  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2001-053.NASL
    description: A format string vulnerability exists in gnupg 1.0.5 and previous versions which is fixed in 1.0.6. This vulnerability can be used to invoke shell commands with privileges of the currently logged-in user. Update: The /usr/bin/gpg executable was installed setuid root and setgid root. While being setuid root offers locking pages in physical memory to avoid writing sensitive material to swap and is of benefit, being setgid root provides no benefits and allows users to write to files that have group root access. This update strips the setgid bit from /usr/bin/gpg.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 13870
    published: 2004-07-31
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/13870
    title: Mandrake Linux Security Advisory : gnupg (MDKSA-2001:053-1)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-061.NASL
    description: The version of GnuPG (GNU Privacy Guard, an OpenPGP implementation) as distributed in Debian GNU/Linux 2.2 suffers from two problems:
      - fish stiqz reported on bugtraq that there was a printf format problem in the do_get() function: it printed a prompt which included the filename that was being decrypted without checking for possible printf format attacks. This could be exploited by tricking someone into decrypting a file with a specially crafted filename.
      - The second bug is related to importing secret keys: when gnupg imported a secret key it would immediately make the associated public key fully trusted, which changes your web of trust without asking for a confirmation. To fix this you now need a special option to import a secret key.
    Both problems have been fixed in version 1.0.6-0potato1.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14898
    published: 2004-09-29
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14898
    title: Debian DSA-061-1 : gnupg - printf format attack

Redhat

advisories
  • rhsa id: RHSA-2001:073