CVE-2010-2547 - Use After Free vulnerability in multiple products
- Attack vector: NETWORK
- Attack complexity: HIGH
- Privileges required: NONE
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: HIGH

Summary
Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | Gnupg | 17 |
OS | | 1 |
OS | | 1 |
Common Weakness Enumeration (CWE)
Nessus
- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2010-0603.NASL
- description: An updated gnupg2 package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. A use-after-free flaw was found in the way gpgsm, a Cryptographic Message Syntax (CMS) encryption and signing tool, handled X.509 certificates with a large number of Subject Alternate Names. A specially crafted X.509 certificate could, when imported, cause gpgsm to crash or, possibly, execute arbitrary code. (CVE-2010-2547) All gnupg2 users should upgrade to this updated package, which contains a backported patch to correct this issue.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 48252
- published: 2010-08-05
- reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/48252
- title: RHEL 5 : gnupg2 (RHSA-2010:0603)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2010:0603. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(48252);
  script_version ("1.20");
  script_cvs_date("Date: 2019/10/25 13:36:15");

  script_cve_id("CVE-2010-2547");
  script_bugtraq_id(41945);
  script_xref(name:"RHSA", value:"2010:0603");

  script_name(english:"RHEL 5 : gnupg2 (RHSA-2010:0603)");
  script_summary(english:"Checks the rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An updated gnupg2 package that fixes one security issue is now
available for Red Hat Enterprise Linux 5. The Red Hat Security
Response Team has rated this update as having moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in
the References section. The GNU Privacy Guard (GnuPG or GPG) is a tool
for encrypting data and creating digital signatures, compliant with
the proposed OpenPGP Internet standard and the S/MIME standard. A
use-after-free flaw was found in the way gpgsm, a Cryptographic
Message Syntax (CMS) encryption and signing tool, handled X.509
certificates with a large number of Subject Alternate Names. A
specially crafted X.509 certificate could, when imported, cause gpgsm
to crash or, possibly, execute arbitrary code. (CVE-2010-2547) All
gnupg2 users should upgrade to this updated package, which contains a
backported patch to correct this issue."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-2547"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2010:0603"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected gnupg2 package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gnupg2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/08/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/08/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/05");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2010:0603";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_WARNING,
      extra    : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"gnupg2-2.0.10-3.el5_5.1")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"gnupg2-2.0.10-3.el5_5.1")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"gnupg2-2.0.10-3.el5_5.1")) flag++;

  if (flag)
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_WARNING,
      extra    : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnupg2");
  }
}
```

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_11_GPG2-100728.NASL
- description: This update fixes a vulnerability of GnuPG2 to arbitrary code execution by context-dependent attackers due to reusing a freed pointer when verifying a signature or importing a certificate with many
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 50913
- published: 2010-12-02
- reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/50913
- title: SuSE 11 / 11.1 Security Update : gpg2 (SAT Patch Numbers 2820 / 2822)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(50913);
  script_version("1.8");
  script_cvs_date("Date: 2019/10/25 13:36:39");

  script_cve_id("CVE-2010-2547");

  script_name(english:"SuSE 11 / 11.1 Security Update : gpg2 (SAT Patch Numbers 2820 / 2822)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SuSE 11 host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update fixes a vulnerability of GnuPG2 to arbitrary code
execution by context-dependent attackers due to reusing a freed
pointer when verifying a signature or importing a certificate with
many 'Subject Alternate Names'. (CVE-2010-2547)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=625947"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-2547.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Apply SAT patch number 2820 / 2822 as appropriate."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:gpg2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:gpg2-lang");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libgcrypt11");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libgcrypt11-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libgpg-error0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libgpg-error0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libksba");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/07/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/12/02");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

flag = 0;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"gpg2-2.0.9-25.26.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"gpg2-lang-2.0.9-25.26.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"libgcrypt11-1.4.1-6.7")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"libgpg-error0-1.6-8.6")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"libksba-1.0.4-1.16")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"gpg2-2.0.9-25.26.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"gpg2-lang-2.0.9-25.26.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"libgcrypt11-1.4.1-6.7")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"libgcrypt11-32bit-1.4.1-6.7")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"libgpg-error0-1.6-8.6")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"libgpg-error0-32bit-1.6-8.6")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"libksba-1.0.4-1.16")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"gpg2-2.0.9-25.26.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"gpg2-lang-2.0.9-25.26.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"gpg2-2.0.9-25.26.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"gpg2-lang-2.0.9-25.26.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"gpg2-2.0.9-25.26.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"gpg2-lang-2.0.9-25.26.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"libgcrypt11-1.4.1-6.7")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"libgpg-error0-1.6-8.6")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"libksba-1.0.4-1.16")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"s390x", reference:"libgcrypt11-32bit-1.4.1-6.7")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"s390x", reference:"libgpg-error0-32bit-1.6-8.6")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"libgcrypt11-32bit-1.4.1-6.7")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"libgpg-error0-32bit-1.6-8.6")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"gpg2-2.0.9-25.26.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"gpg2-lang-2.0.9-25.26.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

- NASL family: Oracle Linux Local Security Checks
- NASL id: ORACLELINUX_ELSA-2010-0603.NASL
- description: From Red Hat Security Advisory 2010:0603 : An updated gnupg2 package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. A use-after-free flaw was found in the way gpgsm, a Cryptographic Message Syntax (CMS) encryption and signing tool, handled X.509 certificates with a large number of Subject Alternate Names. A specially crafted X.509 certificate could, when imported, cause gpgsm to crash or, possibly, execute arbitrary code. (CVE-2010-2547) All gnupg2 users should upgrade to this updated package, which contains a backported patch to correct this issue.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 68078
- published: 2013-07-12
- reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/68078
- title: Oracle Linux 5 : gnupg2 (ELSA-2010-0603)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2010:0603 and
# Oracle Linux Security Advisory ELSA-2010-0603 respectively.
#

include("compat.inc");

if (description)
{
  script_id(68078);
  script_version("1.8");
  script_cvs_date("Date: 2019/10/25 13:36:08");

  script_cve_id("CVE-2010-2547");
  script_bugtraq_id(41945);
  script_xref(name:"RHSA", value:"2010:0603");

  script_name(english:"Oracle Linux 5 : gnupg2 (ELSA-2010-0603)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Oracle Linux host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"From Red Hat Security Advisory 2010:0603 : An updated gnupg2 package
that fixes one security issue is now available for Red Hat Enterprise
Linux 5. The Red Hat Security Response Team has rated this update as
having moderate security impact. A Common Vulnerability Scoring System
(CVSS) base score, which gives a detailed severity rating, is
available from the CVE link in the References section. The GNU Privacy
Guard (GnuPG or GPG) is a tool for encrypting data and creating
digital signatures, compliant with the proposed OpenPGP Internet
standard and the S/MIME standard. A use-after-free flaw was found in
the way gpgsm, a Cryptographic Message Syntax (CMS) encryption and
signing tool, handled X.509 certificates with a large number of
Subject Alternate Names. A specially crafted X.509 certificate could,
when imported, cause gpgsm to crash or, possibly, execute arbitrary
code. (CVE-2010-2547) All gnupg2 users should upgrade to this updated
package, which contains a backported patch to correct this issue."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2010-August/001577.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected gnupg2 package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gnupg2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/08/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/08/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

flag = 0;
if (rpm_check(release:"EL5", reference:"gnupg2-2.0.10-3.el5_5.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnupg2");
}
```

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_11_1_GPG2-100728.NASL
- description: GnuPG2 was vulnerable to arbitrary code execution by context-dependent attackers because of reusing a freed pointer when verifying a signature or importing a certificate with many
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 48259
- published: 2010-08-06
- reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/48259
- title: openSUSE Security Update : gpg2 (openSUSE-SU-2010:0479-1)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update gpg2-2819.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(48259);
  script_version("1.7");
  script_cvs_date("Date: 2019/10/25 13:36:38");

  script_cve_id("CVE-2010-2547");

  script_name(english:"openSUSE Security Update : gpg2 (openSUSE-SU-2010:0479-1)");
  script_summary(english:"Check for the gpg2-2819 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"GnuPG2 was vulnerable to arbitrary code execution by
context-dependent attackers because of reusing a freed pointer when
verifying a signature or importing a certificate with many 'Subject
Alternate Names'. (CVE-2010-2547)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=625947"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2010-08/msg00016.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected gpg2 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gpg2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gpg2-lang");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/07/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/06");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE11.1", reference:"gpg2-2.0.9-25.109.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"gpg2-lang-2.0.9-25.109.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gpg2");
}
```

- NASL family: Ubuntu Local Security Checks
- NASL id: UBUNTU_USN-970-1.NASL
- description: It was discovered that GPGSM in GnuPG2 did not correctly handle certificates with a large number of Subject Alternate Names. If a user or automated system were tricked into processing a specially crafted certificate, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 48315
- published: 2010-08-12
- reporter: Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/48315
- title: Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : gnupg2 vulnerability (USN-970-1)

- NASL family: Slackware Local Security Checks
- NASL id: SLACKWARE_SSA_2010-240-01.NASL
- description: New gnupg2 packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 48919
- published: 2010-08-29
- reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/48919
- title: Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : gnupg2 (SSA:2010-240-01)

- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-201110-15.NASL
- description: The remote host is affected by the vulnerability described in GLSA-201110-15 (GnuPG: User-assisted execution of arbitrary code) The GPGSM utility in GnuPG contains a use-after-free vulnerability that may be exploited when importing a crafted X.509 certificate explicitly or during the signature verification process. Impact : An unauthenticated remote attacker may execute arbitrary code with the privileges of the user running GnuPG by enticing them to import a crafted certificate. Workaround : There is no known workaround at this time.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 56590
- published: 2011-10-24
- reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/56590
- title: GLSA-201110-15 : GnuPG: User-assisted execution of arbitrary code

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_11_2_GPG2-100728.NASL
- description: GnuPG2 was vulnerable to arbitrary code execution by context-dependent attackers because of reusing a freed pointer when verifying a signature or importing a certificate with many
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 48260
- published: 2010-08-06
- reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/48260
- title: openSUSE Security Update : gpg2 (openSUSE-SU-2010:0479-1)

- NASL family: Mandriva Local Security Checks
- NASL id: MANDRIVA_MDVSA-2010-143.NASL
- description: A vulnerability has been discovered and corrected in gnupg2 : Importing a certificate with more than 98 Subject Alternate Names via GPGSM
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 48209
- published: 2010-08-02
- reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/48209
- title: Mandriva Linux Security Advisory : gnupg2 (MDVSA-2010:143)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_GPG2-7107.NASL
- description: This update fixes a vulnerability of GnuPG2 to arbitrary code execution by context-dependent attackers due to reusing a freed pointer when verifying a signature or importing a certificate with many
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 49856
- published: 2010-10-11
- reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/49856
- title: SuSE 10 Security Update : gpg2 (ZYPP Patch Number 7107)

- NASL family: Scientific Linux Local Security Checks
- NASL id: SL_20100804_GNUPG2_ON_SL5_X.NASL
- description: A use-after-free flaw was found in the way gpgsm, a Cryptographic Message Syntax (CMS) encryption and signing tool, handled X.509 certificates with a large number of Subject Alternate Names. A specially crafted X.509 certificate could, when imported, cause gpgsm to crash or, possibly, execute arbitrary code. (CVE-2010-2547)
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 60829
- published: 2012-08-01
- reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/60829
- title: Scientific Linux Security Update : gnupg2 on SL5.x i386/x86_64

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-2076.NASL
- description: It was discovered that GnuPG 2 uses a freed pointer when verifying a signature or importing a certificate with many Subject Alternate Names, potentially leading to arbitrary code execution.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 47890
- published: 2010-07-29
- reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/47890
- title: Debian DSA-2076-1 : gnupg2 - use-after-free

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_11_3_GPG2-100728.NASL
- description: GnuPG2 was vulnerable to arbitrary code execution by context-dependent attackers because of reusing a freed pointer when verifying a signature or importing a certificate with many
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 75523
- published: 2014-06-13
- reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/75523
- title: openSUSE Security Update : gpg2 (openSUSE-SU-2010:0479-1)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2010-11413.NASL
- description: - Fri Jul 23 2010 Rex Dieter <rdieter at fedoraproject.org> - 2.0.14-4 - gpgsm realloc patch - Fri Jun 18 2010 Tomas Mraz <tmraz at redhat.com> - 2.0.14-3 - initialize small amount of secmem for list of algorithms in help (#598847) (necessary in the FIPS mode of libgcrypt) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 48229
- published: 2010-08-03
- reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/48229
- title: Fedora 13 : gnupg2-2.0.14-4.fc13 (2010-11413)

- NASL family: CentOS Local Security Checks
- NASL id: CENTOS_RHSA-2010-0603.NASL
- description: An updated gnupg2 package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. A use-after-free flaw was found in the way gpgsm, a Cryptographic Message Syntax (CMS) encryption and signing tool, handled X.509 certificates with a large number of Subject Alternate Names. A specially crafted X.509 certificate could, when imported, cause gpgsm to crash or, possibly, execute arbitrary code. (CVE-2010-2547) All gnupg2 users should upgrade to this updated package, which contains a backported patch to correct this issue.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 48268
- published: 2010-08-09
- reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/48268
- title: CentOS 5 : gnupg2 (CESA-2010:0603)
References
- http://www.debian.org/security/2010/dsa-2076
- http://www.securitytracker.com/id?1024247
- http://secunia.com/advisories/38877
- http://secunia.com/advisories/40718
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:143
- http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html
- http://www.vupen.com/english/advisories/2010/1988
- http://www.vupen.com/english/advisories/2010/1931
- http://www.vupen.com/english/advisories/2010/1950
- http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html
- http://www.securityfocus.com/bid/41945
- http://secunia.com/advisories/40841
- http://www.vupen.com/english/advisories/2010/2217
- http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462008
- http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html
- https://issues.rpath.com/browse/RPL-3229
- http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076
- http://www.vupen.com/english/advisories/2010/3125