CVE-2018-12020 - Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: HIGH
Availability impact: NONE
Summary
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Leveraging/Manipulating Configuration File Search Paths: This attack loads a malicious resource into a program's standard path used to bootstrap and/or provide contextual information for a program like a path variable or classpath. J2EE applications and other component based applications that are built from multiple binaries can have a very long list of dependencies to execute. If one of these libraries and/or references is controllable by the attacker then application controls can be circumvented by the attacker. A standard UNIX path looks similar to this If the attacker modifies the path variable to point to a locale that includes malicious resources then the user unwittingly can execute commands on the attackers' behalf: This is a form of usurping control of the program and the attack can be done on the classpath, database resources, or any other resources built from compound parts. At runtime detection and blocking of this attack is nearly impossible, because the configuration allows execution.
- DLL Search Order Hijacking: The attacker exploits the functionality of the Windows DLL loader where the process loading the DLL searches for the DLL to be loaded first in the same directory in which the process binary resides and then in other directories (e.g., System32). Exploitation of this preferential search order can allow an attacker to make the loading process load the attackers' rogue DLL rather than the legitimate DLL. For instance, an attacker with access to the file system may place a malicious ntshrui.dll in the C:\Windows directory. This DLL normally resides in the System32 folder. Process explorer.exe which also resides in C:\Windows, upon trying to load the ntshrui.dll from the System32 folder will actually load the DLL supplied by the attacker simply because of the preferential search order. Since the attacker has placed its malicious ntshrui.dll in the same directory as the loading explorer.exe process, the DLL supplied by the attacker will be found first and thus loaded in lieu of the legitimate DLL. Since explorer.exe is loaded during the boot cycle, the attackers' malware is guaranteed to execute. This attack can be leveraged with many different DLLs and with many different loading processes. No forensic trails are left in the system's registry or file system that an incorrect DLL had been loaded.
- Passing Local Filenames to Functions That Expect a URL: This attack relies on client side code to access local files and resources instead of URLs. When the client browser is expecting a URL string, but instead receives a request for a local file, that execution is likely to occur in the browser process space with the browser's authority to local files. The attacker can send the results of this request to the local files out to a site that they control. This attack may be used to steal sensitive authentication data (either local or remote), or to gain system profile information to launch further attacks.
Nessus
NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2018-640.NASL
description: This update for gpg2 fixes the following security issue : - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the
last seen: 2020-06-05
modified: 2018-06-18
plugin id: 110589
published: 2018-06-18
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/110589
title: openSUSE Security Update : gpg2 (openSUSE-2018-640)
code:
```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2018-640.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(110589);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2018-12020");
  script_xref(name:"IAVA", value:"2018-A-0193");

  script_name(english:"openSUSE Security Update : gpg2 (openSUSE-2018-640)");
  script_summary(english:"Check for the openSUSE-2018-640 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update for gpg2 fixes the following security issue : - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the '--status-fd 2' option (bsc#1096745)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1096745"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected gpg2 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gpg2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gpg2-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gpg2-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gpg2-lang");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/06/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/18");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.0|SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0 / 42.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.0", reference:"gpg2-2.2.5-lp150.3.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"gpg2-debuginfo-2.2.5-lp150.3.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"gpg2-debugsource-2.2.5-lp150.3.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"gpg2-lang-2.2.5-lp150.3.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"gpg2-2.0.24-9.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"gpg2-debuginfo-2.0.24-9.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"gpg2-debugsource-2.0.24-9.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"gpg2-lang-2.0.24-9.3.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gpg2 / gpg2-debuginfo / gpg2-debugsource / gpg2-lang");
}
```

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2018-1696-1.NASL
description: This update for gpg2 fixes the following issues : - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 110594
published: 2018-06-18
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/110594
title: SUSE SLES11 Security Update : gpg2 (SUSE-SU-2018:1696-1)
code:
```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2018:1696-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(110594);
  script_version("1.8");
  script_cvs_date("Date: 2019/09/10 13:51:48");

  script_cve_id("CVE-2018-12020");
  script_xref(name:"IAVA", value:"2018-A-0193");

  script_name(english:"SUSE SLES11 Security Update : gpg2 (SUSE-SU-2018:1696-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update for gpg2 fixes the following issues : - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the '--status-fd 2' option (bsc#1096745) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1096745"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-12020/"
  );
  # https://www.suse.com/support/update/announcement/2018/suse-su-20181696-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?04ba298d"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 11-SP4:zypper in -t patch slessp4-gpg2-13655=1 SUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch slessp3-gpg2-13655=1 SUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch sleposp3-gpg2-13655=1 SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch dbgsp4-gpg2-13655=1 SUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch dbgsp3-gpg2-13655=1"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gpg2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gpg2-lang");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/06/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/18");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES11" && (! preg(pattern:"^(3|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP3/4", os_ver + " SP" + sp);

flag = 0;
if (rpm_check(release:"SLES11", sp:"4", reference:"gpg2-2.0.9-25.33.42.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"gpg2-lang-2.0.9-25.33.42.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:"3", reference:"gpg2-2.0.9-25.33.42.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:"3", reference:"gpg2-lang-2.0.9-25.33.42.3.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gpg2");
}
```

NASL family Scientific Linux Local Security Checks NASL id SL_20180712_GNUPG2_ON_SL6_X.NASL description Security Fix(es) : - gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020) last seen 2020-03-18 modified 2018-07-13 plugin id 111050 published 2018-07-13 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111050 title Scientific Linux Security Update : gnupg2 on SL6.x i386/x86_64 (20180712) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1221.NASL description According to the version of the gnupg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output. (CVE-2018-12020) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2018-07-20 plugin id 111183 published 2018-07-20 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111183 title EulerOS 2.0 SP2 : gnupg2 (EulerOS-SA-2018-1221) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-2180.NASL description An update for gnupg2 is now available for Red Hat Enterprise Linux 6. 
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fix(es) : * gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 111033 published 2018-07-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111033 title RHEL 6 : gnupg2 (RHSA-2018:2180) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3964-1.NASL description Marcus Brinkmann discovered that GnuPG before 2.2.8 improperly handled certain command line parameters. A remote attacker could use this to spoof the output of GnuPG and cause unsigned e-mail to appear signed. (CVE-2018-12020) It was discovered that python-gnupg incorrectly handled the GPG passphrase. A remote attacker could send a specially crafted passphrase that would allow them to control the output of encryption and decryption operations. (CVE-2019-6690). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124587 published 2019-05-03 reporter Ubuntu Security Notice (C) 2019 Canonical, Inc. 
/ NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124587 title Ubuntu 18.04 LTS / 18.10 / 19.04 : python-gnupg vulnerabilities (USN-3964-1) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0023_GNUPG2.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has gnupg2 packages installed that are affected by a vulnerability: - A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output. (CVE-2018-12020) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127182 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127182 title NewStart CGSL CORE 5.04 / MAIN 5.04 : gnupg2 Vulnerability (NS-SA-2019-0023) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1333.NASL description According to the version of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output. 
(CVE-2018-12020) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 118421 published 2018-10-26 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118421 title EulerOS Virtualization 2.5.0 : gnupg2 (EulerOS-SA-2018-1333) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-2181.NASL description An update for gnupg2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fix(es) : * gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 111034 published 2018-07-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111034 title RHEL 7 : gnupg2 (RHSA-2018:2181) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2018-170-01.NASL description New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. 
last seen 2020-06-01 modified 2020-06-02 plugin id 110619 published 2018-06-20 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110619 title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : gnupg (SSA:2018-170-01) NASL family Fedora Local Security Checks NASL id FEDORA_2018-84FDBD021F.NASL description Important security update to new upstream gnupg version 2.2.8 and libgpg-error 1.31 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-06-19 plugin id 110598 published 2018-06-19 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110598 title Fedora 27 : gnupg2 / libgpg-error (2018-84fdbd021f) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1814-1.NASL description This update for gpg2 fixes the following security issue : - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the last seen 2020-06-01 modified 2020-06-02 plugin id 120025 published 2019-01-02 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/120025 title SUSE SLED15 / SLES15 Security Update : gpg2 (SUSE-SU-2018:1814-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1324.NASL description According to the version of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output. (CVE-2018-12020) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 118412 published 2018-10-26 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118412 title EulerOS Virtualization 2.5.1 : gnupg2 (EulerOS-SA-2018-1324) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1698-1.NASL description This update for gpg2 fixes the following security issue : - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the last seen 2020-06-01 modified 2020-06-02 plugin id 110595 published 2018-06-18 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/110595 title SUSE SLED12 / SLES12 Security Update : gpg2 (SUSE-SU-2018:1698-1) NASL family Fedora Local Security Checks NASL id FEDORA_2018-69780FC4D7.NASL description - New upstream v1.4.23 (#1589802,#1589620,#1589624) - Remove patches included in upstream release - Note that this includes the fix for [CVE-2018-12020] ---- - doc Remove documentation for future option faked sys - build Don last seen 2020-06-05 modified 2018-07-06 plugin id 110931 published 2018-07-06 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110931 title Fedora 27 : gnupg (2018-69780fc4d7) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_7DA0417F6B2411E884CC002590ACAE31.NASL description GnuPG reports : GnuPG did not sanitize input file names, which may then be output to the terminal. This could allow terminal control sequences or fake status messages to be injected into the output. last seen 2020-06-01 modified 2020-06-02 plugin id 110430 published 2018-06-11 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110430 title FreeBSD : gnupg -- unsanitized output (CVE-2018-12020) (7da0417f-6b24-11e8-84cc-002590acae31) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1223.NASL description According to the version of the gnupg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output. 
(CVE-2018-12020) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2018-08-10 plugin id 111643 published 2018-08-10 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111643 title EulerOS 2.0 SP3 : gnupg2 (EulerOS-SA-2018-1223) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-477.NASL description This update for enigmail fixes vulnerabilities that allowed spoofing of e-mail signatures : - CVE-2018-12019: signature spoofing via specially crafted OpenPGP user IDs (boo#1097525) - CVE-2018-12020: signature spoofing via diagnostic output of the original file name in GnuPG verbose mode (boo#1096745) This mitigation prevents CVE-2018-12020 from being exploited even if GnuPG is not patched. last seen 2020-05-31 modified 2019-03-27 plugin id 123195 published 2019-03-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123195 title openSUSE Security Update : enigmail (openSUSE-2019-477) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3675-1.NASL description Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the status of the cryptographic operation reported by GnuPG. (CVE-2018-12020) Lance Vick discovered that GnuPG did not enforce configurations where key certification required an offline master Certify key. 
An attacker with access to a signing subkey could generate certifications that appeared to be valid. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-9234). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 110475 published 2018-06-12 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110475 title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : gnupg, gnupg2 vulnerabilities (USN-3675-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2018-2180.NASL description From Red Hat Security Advisory 2018:2180 : An update for gnupg2 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fix(es) : * gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 111024 published 2018-07-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/111024
title Oracle Linux 6 : gnupg2 (ELSA-2018-2180)

NASL family Junos Local Security Checks
NASL id JUNIPER_SPACE_JSA10917_184R1.NASL
description According to its self-reported version number, the remote Junos Space version is 18.4.x prior to 18.4R1. It is, therefore, affected by multiple vulnerabilities : - An integer overflow issue exists in procps-ng. This is related to CVE-2018-1124. (CVE-2018-1126) - A directory traversal issue exists in reposync, a part of yum-utils.tory configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. (CVE-2018-10897) - An integer overflow flaw was found in the Linux kernel
last seen 2020-06-01
modified 2020-06-02
plugin id 121068
published 2019-01-10
reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/121068
title Juniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917)

NASL family Fedora Local Security Checks
NASL id FEDORA_2018-4EF71D3525.NASL
description - doc Remove documentation for future option faked sys - build Don
last seen 2020-06-05
modified 2019-01-03
plugin id 120411
published 2019-01-03
reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/120411
title Fedora 28 : gnupg (2018-4ef71d3525)

NASL family Amazon Linux Local Security Checks
NASL id AL2_ALAS-2018-1045.NASL
description A data validation flaw was found in the way gnupg processes file names during decryption and signature validation.
An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output. (CVE-2018-12020)
last seen 2020-06-01
modified 2020-06-02
plugin id 111605
published 2018-08-10
reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/111605
title Amazon Linux 2 : gnupg2 (ALAS-2018-1045)

NASL family SuSE Local Security Checks
NASL id OPENSUSE-2019-480.NASL
description This update for gpg2 fixes the following security issue : - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the
last seen 2020-05-31
modified 2019-03-27
plugin id 123198
published 2019-03-27
reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/123198
title openSUSE Security Update : gpg2 (openSUSE-2019-480)

NASL family Fedora Local Security Checks
NASL id FEDORA_2018-A4E13742B4.NASL
description - New upstream v1.4.23 (#1589802,#1589620,#1589624) - Remove patches included in upstream release - Note that this includes the fix for [CVE-2018-12020] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-05
modified 2019-01-03
plugin id 120670
published 2019-01-03
reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/120670
title Fedora 28 : gnupg (2018-a4e13742b4)

NASL family CentOS Local Security Checks
NASL id CENTOS_RHSA-2018-2180.NASL
description An update for gnupg2 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fix(es) : * gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
last seen 2020-06-01
modified 2020-06-02
plugin id 111078
published 2018-07-16
reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/111078
title CentOS 6 : gnupg2 (CESA-2018:2180)

NASL family Fedora Local Security Checks
NASL id FEDORA_2018-3DC16842E2.NASL
description Important security update to new upstream gnupg version 2.2.8 and libgpg-error 1.31 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-05
modified 2019-01-03
plugin id 120365
published 2019-01-03
reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/120365
title Fedora 28 : gnupg2 / libgpg-error (2018-3dc16842e2)

NASL family Huawei Local Security Checks
NASL id EULEROS_SA-2019-1077.NASL
description According to the version of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the
last seen 2020-06-01
modified 2020-06-02
plugin id 122700
published 2019-03-08
reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/122700
title EulerOS Virtualization 2.5.2 : gnupg2 (EulerOS-SA-2019-1077)

NASL family Ubuntu Local Security Checks
NASL id UBUNTU_USN-3675-2.NASL
description USN-3675-1 fixed a vulnerability in GnuPG 2 for Ubuntu 18.04 LTS and Ubuntu 17.10. This update provides the corresponding update for GnuPG 2 in Ubuntu 16.04 LTS and Ubuntu 14.04 LTS. Original advisory details : Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the status of the cryptographic operation reported by GnuPG. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 110549
published 2018-06-15
reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc.
or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/110549
title Ubuntu 14.04 LTS / 16.04 LTS : gnupg2 vulnerability (USN-3675-2)

NASL family Amazon Linux Local Security Checks
NASL id ALA_ALAS-2018-1045.NASL
description A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output. (CVE-2018-12020)
last seen 2020-06-01
modified 2020-06-02
plugin id 110784
published 2018-06-29
reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/110784
title Amazon Linux AMI : gnupg / gnupg2 (ALAS-2018-1045)

NASL family NewStart CGSL Local Security Checks
NASL id NEWSTART_CGSL_NS-SA-2019-0135_GNUPG2.NASL
description The remote NewStart CGSL host, running version MAIN 4.05, has gnupg2 packages installed that are affected by a vulnerability: - A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output. (CVE-2018-12020) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen 2020-06-01
modified 2020-06-02
plugin id 127393
published 2019-08-12
reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/127393
title NewStart CGSL MAIN 4.05 : gnupg2 Vulnerability (NS-SA-2019-0135)

NASL family OracleVM Local Security Checks
NASL id ORACLEVM_OVMSA-2018-0239.NASL
description The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2018-12020 - missing sanitization of original filename
last seen 2020-06-01
modified 2020-06-02
plugin id 111049
published 2018-07-13
reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/111049
title OracleVM 3.3 / 3.4 : gnupg2 (OVMSA-2018-0239)

NASL family Oracle Linux Local Security Checks
NASL id ORACLELINUX_ELSA-2018-2181.NASL
description From Red Hat Security Advisory 2018:2181 : An update for gnupg2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fix(es) : * gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
last seen 2020-06-01
modified 2020-06-02
plugin id 111025
published 2018-07-12
reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/111025
title Oracle Linux 7 : gnupg2 (ELSA-2018-2181)

NASL family Huawei Local Security Checks
NASL id EULEROS_SA-2019-1457.NASL
description According to the version of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output. (CVE-2018-12020) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 124960
published 2019-05-14
reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/124960
title EulerOS Virtualization 3.0.1.0 : gnupg2 (EulerOS-SA-2019-1457)

NASL family Slackware Local Security Checks
NASL id SLACKWARE_SSA_2018-159-01.NASL
description New gnupg2 packages are available for Slackware 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
last seen 2020-06-01
modified 2020-06-02
plugin id 110432
published 2018-06-11
reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/110432
title Slackware 13.37 / 14.0 / 14.1 / 14.2 / current : gnupg2 (SSA:2018-159-01)

NASL family Scientific Linux Local Security Checks
NASL id SL_20180712_GNUPG2_ON_SL7_X.NASL
description Security Fix(es) : - gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020)
last seen 2020-03-18
modified 2018-07-17
plugin id 111113
published 2018-07-17
reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/111113
title Scientific Linux Security Update : gnupg2 on SL7.x x86_64 (20180712)

NASL family Debian Local Security Checks
NASL id DEBIAN_DSA-4224.NASL
description Marcus Brinkmann discovered that GnuPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email. Details can be found in the upstream advisory at https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html
last seen 2020-06-01
modified 2020-06-02
plugin id 110423
published 2018-06-11
reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/110423
title Debian DSA-4224-1 : gnupg - security update

NASL family SuSE Local Security Checks
NASL id OPENSUSE-2018-630.NASL
description This update for enigmail fixes vulnerabilities that allowed spoofing of e-mail signatures : - CVE-2018-12019: signature spoofing via specially crafted OpenPGP user IDs (boo#1097525) - CVE-2018-12020: signature spoofing via diagnostic output of the original file name in GnuPG verbose mode (boo#1096745) This mitigation prevents CVE-2018-12020 from being exploited even if GnuPG is not patched.
last seen 2020-06-05
modified 2018-06-18
plugin id 110586
published 2018-06-18
reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/110586
title openSUSE Security Update : enigmail (openSUSE-2018-630)

NASL family Huawei Local Security Checks
NASL id EULEROS_SA-2019-1157.NASL
description According to the version of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output. (CVE-2018-12020) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-03-19
modified 2019-04-09
plugin id 123843
published 2019-04-09
reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/123843
title EulerOS Virtualization 2.5.3 : gnupg2 (EulerOS-SA-2019-1157)

NASL family SuSE Local Security Checks
NASL id SUSE_SU-2018-1698-2.NASL
description This update for gpg2 fixes the following security issue : CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the
last seen 2020-06-01
modified 2020-06-02
plugin id 118265
published 2018-10-22
reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/118265
title SUSE SLES12 Security Update : gpg2 (SUSE-SU-2018:1698-2)

NASL family CentOS Local Security Checks
NASL id CENTOS_RHSA-2018-2181.NASL
description An update for gnupg2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fix(es) : * gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
last seen 2020-06-01
modified 2020-06-02
plugin id 111079
published 2018-07-16
reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/111079
title CentOS 7 : gnupg2 (CESA-2018:2181)

NASL family Debian Local Security Checks
NASL id DEBIAN_DSA-4222.NASL
description Marcus Brinkmann discovered that GnuPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email. Details can be found in the upstream advisory at https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html
last seen 2020-06-01
modified 2020-06-02
plugin id 110421
published 2018-06-11
reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/110421
title Debian DSA-4222-1 : gnupg2 - security update

NASL family SuSE Local Security Checks
NASL id OPENSUSE-2018-646.NASL
description This update for python-python-gnupg to version 0.4.3 fixes the following issues : The following security vulnerabilities were addressed : - Sanitize diagnostic output of the original file name in verbose mode (CVE-2018-12020 boo#1096745) The following other changes were made : - Add --no-verbose to the gpg command line, in case verbose is specified in gpg.conf. - Add expect_passphrase password for use on GnuPG >= 2.1 when passing passphrase to gpg via pinentry - Provide a trust_keys method to allow setting the trust level for keys - When the gpg executable is not found, note the path used in the exception message - Make error messages more informational
last seen 2020-06-05
modified 2018-06-18
plugin id 110591
published 2018-06-18
reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/110591
title openSUSE Security Update : python-python-gnupg (openSUSE-2018-646)

NASL family SuSE Local Security Checks
NASL id OPENSUSE-2019-478.NASL
description This update for python-python-gnupg to version 0.4.3 fixes the following issues : The following security vulnerabilities were addressed : - Sanitize diagnostic output of the original file name in verbose mode (CVE-2018-12020 boo#1096745) The following other changes were made : - Add --no-verbose to the gpg command line, in case verbose is specified in gpg.conf. - Add expect_passphrase password for use on GnuPG >= 2.1 when passing passphrase to gpg via pinentry - Provide a trust_keys method to allow setting the trust level for keys - When the gpg executable is not found, note the path used in the exception message - Make error messages more informational
last seen 2020-06-01
modified 2020-06-02
plugin id 123196
published 2019-03-27
reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/123196
title openSUSE Security Update : python-python-gnupg (openSUSE-2019-478)

NASL family Debian Local Security Checks
NASL id DEBIAN_DSA-4223.NASL
description Marcus Brinkmann discovered that GnuPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email. Details can be found in the upstream advisory at https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html
last seen 2020-06-01
modified 2020-06-02
plugin id 110422
published 2018-06-11
reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/110422
title Debian DSA-4223-1 : gnupg1 - security update
The Hacker News
id THN:7AF4F467FCD2B758CD46FDBECE48E35F
last seen 2018-06-15
modified 2018-06-15
published 2018-06-15
reporter Swati Khandelwal
source https://thehackernews.com/2018/06/gnupg-encryption-signature.html
title GnuPG Flaw in Encryption Tools Lets Attackers Spoof Anyone's Signature

id THN:20BF2C23D315483B3CA9190D047C1212
last seen 2019-04-30
modified 2019-04-30
published 2019-04-30
reporter The Hacker News
source https://thehackernews.com/2019/04/email-signature-spoofing.html
title Over Dozen Popular Email Clients Found Vulnerable to Signature Spoofing Attacks
References
- https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html
- https://dev.gnupg.org/T4012
- http://openwall.com/lists/oss-security/2018/06/08/2
- https://www.debian.org/security/2018/dsa-4224
- https://www.debian.org/security/2018/dsa-4223
- https://www.debian.org/security/2018/dsa-4222
- http://www.securitytracker.com/id/1041051
- https://usn.ubuntu.com/3675-1/
- http://www.securityfocus.com/bid/104450
- https://usn.ubuntu.com/3675-2/
- https://usn.ubuntu.com/3675-3/
- https://access.redhat.com/errata/RHSA-2018:2181
- https://access.redhat.com/errata/RHSA-2018:2180
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- http://www.openwall.com/lists/oss-security/2019/04/30/4
- http://seclists.org/fulldisclosure/2019/Apr/38
- http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html
- https://usn.ubuntu.com/3964-1/
- https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf
- https://github.com/RUB-NDS/Johnny-You-Are-Fired
- https://lists.debian.org/debian-lts-announce/2021/12/msg00027.html