CVE-2006-3082 - Numeric Errors vulnerability in Gnupg

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
network
low complexity
gnupg
CWE-189
nessus
exploit available

Summary

parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.

Vulnerable Configurations

Part | Description | Count
Application | Gnupg | 124

Common Weakness Enumeration (CWE)

Exploit-Db

description: GnuPG 1.4.3/1.9.x Parse_User_ID Remote Buffer Overflow Vulnerability. CVE-2006-3082. DoS exploit for Linux platform
id: EDB-ID:28077
last seen: 2016-02-03
modified: 2006-06-20
published: 2006-06-20
reporter: Evgeny Legerov
source: https://www.exploit-db.com/download/28077/
title: GnuPG 1.4.3/1.9.x Parse_User_ID Remote Buffer Overflow Vulnerability

Nessus

  • NASL family: F5 Networks Local Security Checks
    NASL id: F5_BIGIP_SOL6535.NASL
    description: The remote BIG-IP device is missing a patch required by a security advisory.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78208
    published: 2014-10-10
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78208
    title: F5 Networks BIG-IP : Denial of service vulnerability in GnuPG (SOL6535)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_GPG2-1835.NASL
    description: It is possible to crash (denial of service) the GNU Privacy Guard (gpg) by supplying a specifically crafted message specifying a very large UID, which leads to an out of memory situation or an integer overflow. It is unclear if this problem can be exploited to execute code. This issue is tracked by the Mitre CVE ID CVE-2006-3082.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27249
    published: 2007-10-17
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/27249
    title: openSUSE 10 Security Update : gpg2 (gpg2-1835)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_F900BDA8047211DBBBF7000C6EC775D9.NASL
    description: If GnuPG processes a userid with a very long packet length, GnuPG can crash due to insufficient bounds check. This can result in a denial-of-service condition or potentially execution of arbitrary code with the privileges of the user running GnuPG.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 21756
    published: 2006-06-26
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/21756
    title: FreeBSD : gnupg -- user id integer overflow vulnerability (f900bda8-0472-11db-bbf7-000c6ec775d9)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2006-110.NASL
    description: A vulnerability was discovered in GnuPG 1.4.3 and 1.9.20 (and earlier) that could allow a remote attacker to cause gpg to crash and possibly overwrite memory via a message packet with a large length. The updated packages have been patched to correct these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 21754
    published: 2006-06-24
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/21754
    title: Mandrake Linux Security Advisory : gnupg (MDKSA-2006:110)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-304-1.NASL
    description: Evgeny Legerov discovered that GnuPG did not sufficiently check overly large user ID packets. Specially crafted user IDs caused a buffer overflow. By tricking a user or remote automated system into processing a malicious GnuPG message, an attacker could exploit this to crash GnuPG or possibly even execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27879
    published: 2007-11-10
    reporter: Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/27879
    title: Ubuntu 5.04 / 5.10 / 6.06 LTS : gnupg vulnerability (USN-304-1)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2006-0571.NASL
    description: An updated GnuPG package that fixes a security issue is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GnuPG is a utility for encrypting data and creating digital signatures. An integer overflow flaw was found in GnuPG. An attacker could create a carefully crafted message packet with a large length that could cause GnuPG to crash or possibly overwrite memory when opened. (CVE-2006-3082) All users of GnuPG are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22069
    published: 2006-07-19
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/22069
    title: RHEL 2.1 / 3 / 4 : gnupg (RHSA-2006:0571)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_GPG-1664.NASL
    description: It is possible to crash (denial of service) the GNU Privacy Guard (gpg) by supplying a specifically crafted message specifying a very large UID, which leads to an out of memory situation or an integer overflow. It is unclear if this problem can be exploited to execute code. This issue is tracked by the Mitre CVE ID CVE-2006-3082.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27244
    published: 2007-10-17
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/27244
    title: openSUSE 10 Security Update : gpg (gpg-1664)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2006-755.NASL
    description: This update upgrades to upstream version 1.4.4, which places a limit on the size of user ID packets, closing a possible integer overflow (CVE-2006-3082). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24133
    published: 2007-01-17
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24133
    title: Fedora Core 5 : gnupg-1.4.4-2 (2006-755)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2006-757.NASL
    description: This update upgrades to upstream version 1.4.4, which places a limit on the size of user ID packets, closing a possible integer overflow (CVE-2006-3082). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24134
    published: 2007-01-17
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24134
    title: Fedora Core 4 : gnupg-1.4.4-1 (2006-757)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1115.NASL
    description: Evgeny Legerov discovered that gnupg, the GNU privacy guard, a free PGP replacement contains an integer overflow that can cause a segmentation fault and possibly overwrite memory via a large user ID string.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22657
    published: 2006-10-14
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/22657
    title: Debian DSA-1115-1 : gnupg2 - integer overflow
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2006-0571.NASL
    description: An updated GnuPG package that fixes a security issue is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GnuPG is a utility for encrypting data and creating digital signatures. An integer overflow flaw was found in GnuPG. An attacker could create a carefully crafted message packet with a large length that could cause GnuPG to crash or possibly overwrite memory when opened. (CVE-2006-3082) All users of GnuPG are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22065
    published: 2006-07-19
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/22065
    title: CentOS 3 / 4 : gnupg (CESA-2006:0571)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1107.NASL
    description: Evgeny Legerov discovered that gnupg, the GNU privacy guard, a free PGP replacement contains an integer overflow that can cause a segmentation fault and possibly overwrite memory via a large user ID string.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22649
    published: 2006-10-14
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/22649
    title: Debian DSA-1107-1 : gnupg - integer overflow
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_GPG2-1834.NASL
    description: It is possible to crash (denial of service) the GNU Privacy Guard (gpg) by supplying a specifically crafted message specifying a very large UID, which leads to an out of memory situation or an integer overflow. It is unclear if this problem can be exploited to execute code. This issue is tracked by the Mitre CVE ID CVE-2006-3082.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 29451
    published: 2007-12-13
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/29451
    title: SuSE 10 Security Update : gpg2 (ZYPP Patch Number 1834)
  • NASL family: Slackware Local Security Checks
    NASL id: SLACKWARE_SSA_2006-178-02.NASL
    description: New GnuPG packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix security issues which could allow an attacker to crash gnupg and possibly overwrite memory which could lead to an integer overflow.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 21766
    published: 2006-06-28
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/21766
    title: Slackware 10.0 / 10.1 / 10.2 / 9.0 / 9.1 / current : gnupg DoS (SSA:2006-178-02)

Oval

accepted: 2013-04-29T04:01:29.562-04:00
class: vulnerability
contributors
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 3
    oval: oval:org.mitre.oval:def:11782
  • comment: CentOS Linux 3.x
    oval: oval:org.mitre.oval:def:16651
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 4
    oval: oval:org.mitre.oval:def:11831
  • comment: CentOS Linux 4.x
    oval: oval:org.mitre.oval:def:16636
  • comment: Oracle Linux 4.x
    oval: oval:org.mitre.oval:def:15990
description: parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.
family: unix
id: oval:org.mitre.oval:def:10089
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.
version: 26

Redhat

advisories
bugzilla
id: 195945
title: CVE-2006-3082 gnupg integer overflow
oval
OR
  • comment: Red Hat Enterprise Linux must be installed
    oval: oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment: Red Hat Enterprise Linux 4 is installed
      oval: oval:com.redhat.rhba:tst:20070304025
    • comment: gnupg is earlier than 0:1.2.6-5
      oval: oval:com.redhat.rhsa:tst:20060571001
    • comment: gnupg is signed with Red Hat master key
      oval: oval:com.redhat.rhsa:tst:20060266002
rhsa
id: RHSA-2006:0571
released: 2006-07-18
severity: Moderate
title: RHSA-2006:0571: gnupg security update (Moderate)
rpms
  • gnupg-0:1.2.1-16
  • gnupg-0:1.2.6-5
  • gnupg-debuginfo-0:1.2.1-16
  • gnupg-debuginfo-0:1.2.6-5

References