CVE-2006-3082 - Numeric Errors vulnerability in Gnupg
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
description | GnuPG 1.4.3/1.9.x Parse_User_ID Remote Buffer Overflow Vulnerability. CVE-2006-3082. Dos exploit for linux platform |
id | EDB-ID:28077 |
last seen | 2016-02-03 |
modified | 2006-06-20 |
published | 2006-06-20 |
reporter | Evgeny Legerov |
source | https://www.exploit-db.com/download/28077/ |
title | GnuPG 1.4.3/1.9.x Parse_User_ID Remote Buffer Overflow Vulnerability |
Nessus
NASL family | F5 Networks Local Security Checks |
NASL id | F5_BIGIP_SOL6535.NASL |
description | The remote BIG-IP device is missing a patch required by a security advisory. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 78208 |
published | 2014-10-10 |
reporter | This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/78208 |
title | F5 Networks BIG-IP : Denial of service vulnerability in GnuPG (SOL6535) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_GPG2-1835.NASL |
description | It is possible to crash (denial of service) the GNU Privacy Guard (gpg) by supplying a specifically crafted message specifying a very large UID, which leads to an out of memory situation or an integer overflow. It is unclear if this problem can be exploited to execute code. This issue is tracked by the Mitre CVE ID CVE-2006-3082. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 27249 |
published | 2007-10-17 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/27249 |
title | openSUSE 10 Security Update : gpg2 (gpg2-1835) |

NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_F900BDA8047211DBBBF7000C6EC775D9.NASL |
description | If GnuPG processes a userid with a very long packet length, GnuPG can crash due to insufficient bounds check. This can result in a denial-of-service condition or potentially execution of arbitrary code with the privileges of the user running GnuPG. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21756 |
published | 2006-06-26 |
reporter | This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/21756 |
title | FreeBSD : gnupg -- user id integer overflow vulnerability (f900bda8-0472-11db-bbf7-000c6ec775d9) |

NASL family | Mandriva Local Security Checks |
NASL id | MANDRAKE_MDKSA-2006-110.NASL |
description | A vulnerability was discovered in GnuPG 1.4.3 and 1.9.20 (and earlier) that could allow a remote attacker to cause gpg to crash and possibly overwrite memory via a message packet with a large length. The updated packages have been patched to correct these issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21754 |
published | 2006-06-24 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21754 |
title | Mandrake Linux Security Advisory : gnupg (MDKSA-2006:110) |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-304-1.NASL |
description | Evgeny Legerov discovered that GnuPG did not sufficiently check overly large user ID packets. Specially crafted user IDs caused a buffer overflow. By tricking a user or remote automated system into processing a malicious GnuPG message, an attacker could exploit this to crash GnuPG or possibly even execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 27879 |
published | 2007-11-10 |
reporter | Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/27879 |
title | Ubuntu 5.04 / 5.10 / 6.06 LTS : gnupg vulnerability (USN-304-1) |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2006-0571.NASL |
description | An updated GnuPG package that fixes a security issue is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GnuPG is a utility for encrypting data and creating digital signatures. An integer overflow flaw was found in GnuPG. An attacker could create a carefully crafted message packet with a large length that could cause GnuPG to crash or possibly overwrite memory when opened. (CVE-2006-3082) All users of GnuPG are advised to upgrade to this updated package, which contains a backported patch to correct this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22069 |
published | 2006-07-19 |
reporter | This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/22069 |
title | RHEL 2.1 / 3 / 4 : gnupg (RHSA-2006:0571) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_GPG-1664.NASL |
description | It is possible to crash (denial of service) the GNU Privacy Guard (gpg) by supplying a specifically crafted message specifying a very large UID, which leads to an out of memory situation or an integer overflow. It is unclear if this problem can be exploited to execute code. This issue is tracked by the Mitre CVE ID CVE-2006-3082. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 27244 |
published | 2007-10-17 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/27244 |
title | openSUSE 10 Security Update : gpg (gpg-1664) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2006-755.NASL |
description | This update upgrades to upstream version 1.4.4, which places a limit on the size of user ID packets, closing a possible integer overflow (CVE-2006-3082). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24133 |
published | 2007-01-17 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24133 |
title | Fedora Core 5 : gnupg-1.4.4-2 (2006-755) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2006-757.NASL |
description | This update upgrades to upstream version 1.4.4, which places a limit on the size of user ID packets, closing a possible integer overflow (CVE-2006-3082). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24134 |
published | 2007-01-17 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24134 |
title | Fedora Core 4 : gnupg-1.4.4-1 (2006-757) |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1115.NASL |
description | Evgeny Legerov discovered that gnupg, the GNU privacy guard, a free PGP replacement contains an integer overflow that can cause a segmentation fault and possibly overwrite memory via a large user ID string. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22657 |
published | 2006-10-14 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22657 |
title | Debian DSA-1115-1 : gnupg2 - integer overflow |

NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2006-0571.NASL |
description | An updated GnuPG package that fixes a security issue is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GnuPG is a utility for encrypting data and creating digital signatures. An integer overflow flaw was found in GnuPG. An attacker could create a carefully crafted message packet with a large length that could cause GnuPG to crash or possibly overwrite memory when opened. (CVE-2006-3082) All users of GnuPG are advised to upgrade to this updated package, which contains a backported patch to correct this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22065 |
published | 2006-07-19 |
reporter | This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/22065 |
title | CentOS 3 / 4 : gnupg (CESA-2006:0571) |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1107.NASL |
description | Evgeny Legerov discovered that gnupg, the GNU privacy guard, a free PGP replacement contains an integer overflow that can cause a segmentation fault and possibly overwrite memory via a large user ID string. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22649 |
published | 2006-10-14 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22649 |
title | Debian DSA-1107-1 : gnupg - integer overflow |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_GPG2-1834.NASL |
description | It is possible to crash (denial of service) the GNU Privacy Guard (gpg) by supplying a specifically crafted message specifying a very large UID, which leads to an out of memory situation or an integer overflow. It is unclear if this problem can be exploited to execute code. This issue is tracked by the Mitre CVE ID CVE-2006-3082. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 29451 |
published | 2007-12-13 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/29451 |
title | SuSE 10 Security Update : gpg2 (ZYPP Patch Number 1834) |

NASL family | Slackware Local Security Checks |
NASL id | SLACKWARE_SSA_2006-178-02.NASL |
description | New GnuPG packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix security issues which could allow an attacker to crash gnupg and possibly overwrite memory which could lead to an integer overflow. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21766 |
published | 2006-06-28 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21766 |
title | Slackware 10.0 / 10.1 / 10.2 / 9.0 / 9.1 / current : gnupg DoS (SSA:2006-178-02) |
Oval
accepted | 2013-04-29T04:01:29.562-04:00 |
class | vulnerability |
contributors |
definition_extensions |
description | parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option. |
family | unix |
id | oval:org.mitre.oval:def:10089 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option. |
version | 26 |
Redhat
advisories |
rpms |
References
- ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U
- http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/parse-packet.c?rev=4157&r1=4141&r2=4157
- http://seclists.org/lists/fulldisclosure/2006/May/0774.html
- http://seclists.org/lists/fulldisclosure/2006/May/0782.html
- http://seclists.org/lists/fulldisclosure/2006/May/0789.html
- http://secunia.com/advisories/20783
- http://secunia.com/advisories/20801
- http://secunia.com/advisories/20811
- http://secunia.com/advisories/20829
- http://secunia.com/advisories/20881
- http://secunia.com/advisories/20899
- http://secunia.com/advisories/20968
- http://secunia.com/advisories/21063
- http://secunia.com/advisories/21135
- http://secunia.com/advisories/21137
- http://secunia.com/advisories/21143
- http://secunia.com/advisories/21585
- http://securitytracker.com/id?1016519
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.457382
- http://support.avaya.com/elmodocs2/security/ASA-2006-167.htm
- http://www.debian.org/security/2006/dsa-1107
- http://www.debian.org/security/2006/dsa-1115
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:110
- http://www.novell.com/linux/security/advisories/2006_18_sr.html
- http://www.novell.com/linux/security/advisories/2006_38_security.html
- http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.010.html
- http://www.redhat.com/support/errata/RHSA-2006-0571.html
- http://www.securityfocus.com/archive/1/438751/100/0/threaded
- http://www.securityfocus.com/bid/18554
- http://www.vupen.com/english/advisories/2006/2450
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27245
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10089
- https://usn.ubuntu.com/304-1/