ID CVE-2006-6235
Summary A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:privacy_guard:1.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:privacy_guard:1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:privacy_guard:1.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:privacy_guard:1.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:privacy_guard:1.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:privacy_guard:1.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:privacy_guard:1.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:privacy_guard:1.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:privacy_guard:1.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:privacy_guard:1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:privacy_guard:1.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:privacy_guard:1.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:privacy_guard:1.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:privacy_guard:1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:privacy_guard:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:privacy_guard:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:privacy_guard:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:privacy_guard:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:privacy_guard:1.4.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:privacy_guard:1.4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:privacy_guard:1.4.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:privacy_guard:1.4.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:privacy_guard:1.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:privacy_guard:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:privacy_guard:1.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:privacy_guard:1.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:privacy_guard:1.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:privacy_guard:1.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:privacy_guard:1.9.10:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:privacy_guard:1.9.10:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:privacy_guard:1.9.15:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:privacy_guard:1.9.15:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:privacy_guard:1.9.20:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:privacy_guard:1.9.20:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:privacy_guard:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:privacy_guard:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:privacy_guard:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:privacy_guard:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gpg4win:gpg4win:1.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:gpg4win:gpg4win:1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:fedora_core:core6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:fedora_core:core6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:fedora_core:core_5.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:fedora_core:core_5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*
    cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*
  • cpe:2.3:o:rpath:linux:1:*:*:*:*:*:*:*
    cpe:2.3:o:rpath:linux:1:*:*:*:*:*:*:*
  • cpe:2.3:o:slackware:slackware_linux:11.0:*:*:*:*:*:*:*
    cpe:2.3:o:slackware:slackware_linux:11.0:*:*:*:*:*:*:*
  • cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:*:*:*:*:*:*
    cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:*:*:*:*:*:*
  • cpe:2.3:o:ubuntu:ubuntu_linux:6.06:*:*:*:*:*:*:*
    cpe:2.3:o:ubuntu:ubuntu_linux:6.06:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 17-10-2018 - 21:47)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-04-29T04:12:38.470-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.
family unix
id oval:org.mitre.oval:def:11245
status accepted
submitted 2010-07-09T03:56:16-04:00
title A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.
version 29
redhat via4
advisories
bugzilla
id 1618242
title CVE-2006-6235 security flaw
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304025
    • comment gnupg is earlier than 0:1.2.6-8
      oval oval:com.redhat.rhsa:tst:20060754001
    • comment gnupg is signed with Red Hat master key
      oval oval:com.redhat.rhsa:tst:20060266002
rhsa
id RHSA-2006:0754
released 2006-12-06
severity Important
title RHSA-2006:0754: gnupg security update (Important)
rpms
  • gnupg-0:1.0.7-20
  • gnupg-0:1.2.1-19
  • gnupg-0:1.2.6-8
  • gnupg-debuginfo-0:1.2.1-19
  • gnupg-debuginfo-0:1.2.6-8
refmap via4
bid 21462
bugtraq
  • 20061206 GnuPG: remotely controllable function pointer [CVE-2006-6235]
  • 20061206 rPSA-2006-0227-1 gnupg
cert-vn VU#427009
confirm
debian DSA-1231
gentoo GLSA-200612-03
mandriva MDKSA-2006:228
mlist [gnupg-announce] GnuPG: remotely controllable function pointer [CVE-2006-6235]
openpkg OpenPKG-SA-2006.037
sectrack 1017349
secunia
  • 23245
  • 23250
  • 23255
  • 23259
  • 23269
  • 23284
  • 23290
  • 23299
  • 23303
  • 23329
  • 23335
  • 23513
  • 24047
sgi 20061201-01-P
suse
  • SUSE-SA:2006:075
  • SUSE-SR:2006:028
trustix 2006-0070
ubuntu
  • USN-393-1
  • USN-393-2
vupen ADV-2006-4881
xf gnupg-openpgp-code-execution(30711)
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 17-10-2018 - 21:47
Published 07-12-2006 - 11:28
Last modified 17-10-2018 - 21:47
Back to Top