CVE-2006-3746
CVSS5.0
发布时间 :2006-07-28 17:04:00
修订时间 :2011-03-07 21:39:23
NMCOPS    

[原文]Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message.


[CNNVD]GnuPG parse_comment缓冲区溢出漏洞(CNNVD-200607-499)

        GnuPG是基于OpenPGP标准的PGP加密、解密、签名工具。
        GnuPG工具在处理超长用户参数时存在缓冲区溢出漏洞,攻击者可能利用此漏洞在用户机器上执行任意指令。
        如果向GnuPG提交超长的命令行参数,就会触发parse_comment中的缓冲区溢出,导致执行任意指令。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:11347Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a craft...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3746
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3746
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200607-499
(官方数据源) CNNVD

- 其它链接及资源

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200502
(UNKNOWN)  MISC  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200502
http://www.vupen.com/english/advisories/2006/3123
(UNKNOWN)  VUPEN  ADV-2006-3123
http://www.ubuntu.com/usn/usn-332-1
(UNKNOWN)  UBUNTU  USN-332-1
http://www.securityfocus.com/bid/19110
(UNKNOWN)  BID  19110
http://www.redhat.com/support/errata/RHSA-2006-0615.html
(UNKNOWN)  REDHAT  RHSA-2006:0615
http://www.gossamer-threads.com/lists/gnupg/devel/37623
(UNKNOWN)  MLIST  [Gnupg-devel] 20060725 Re: [Dailydave] GnuPG 1.4.4 fun
http://lists.immunitysec.com/pipermail/dailydave/2006-July/003354.html
(UNKNOWN)  MLIST  [Dailydave] 20060721 GnuPG 1.4.4 fun
http://xforce.iss.net/xforce/xfdb/28220
(UNKNOWN)  XF  gnupg-parsecomment-bo(28220)
http://www.ubuntu.com/usn/usn-332-1
(UNKNOWN)  UBUNTU  USN-332-1
http://www.securityfocus.com/archive/1/archive/1/442621/100/100/threaded
(UNKNOWN)  BUGTRAQ  20060808 ERRATA: [ GLSA 200608-08 ] GnuPG: Integer overflow vulnerability
http://www.securityfocus.com/archive/1/archive/1/442012/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060802 rPSA-2006-0143-1 gnupg
http://www.osvdb.org/27664
(UNKNOWN)  OSVDB  27664
http://www.novell.com/linux/security/advisories/2006_20_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2006:020
http://www.mandriva.com/security/advisories?name=MDKSA-2006:141
(UNKNOWN)  MANDRIVA  MDKSA-2006:141
http://www.debian.org/security/2006/dsa-1141
(UNKNOWN)  DEBIAN  DSA-1141
http://www.debian.org/security/2006/dsa-1140
(UNKNOWN)  DEBIAN  DSA-1140
http://support.avaya.com/elmodocs2/security/ASA-2006-164.htm
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2006-164.htm
http://securitytracker.com/id?1016622
(UNKNOWN)  SECTRACK  1016622
http://security.gentoo.org/glsa/glsa-200608-08.xml
(UNKNOWN)  GENTOO  GLSA-200608-08
http://secunia.com/advisories/21598
(UNKNOWN)  SECUNIA  21598
http://secunia.com/advisories/21524
(UNKNOWN)  SECUNIA  21524
http://secunia.com/advisories/21522
(UNKNOWN)  SECUNIA  21522
http://secunia.com/advisories/21467
(UNKNOWN)  SECUNIA  21467
http://secunia.com/advisories/21378
(UNKNOWN)  SECUNIA  21378
http://secunia.com/advisories/21351
(UNKNOWN)  SECUNIA  21351
http://secunia.com/advisories/21346
(UNKNOWN)  SECUNIA  21346
http://secunia.com/advisories/21333
(UNKNOWN)  SECUNIA  21333
http://secunia.com/advisories/21329
(UNKNOWN)  SECUNIA  21329
http://secunia.com/advisories/21326
(UNKNOWN)  SECUNIA  21326
http://secunia.com/advisories/21306
(UNKNOWN)  SECUNIA  21306
http://secunia.com/advisories/21300
(UNKNOWN)  SECUNIA  21300
http://secunia.com/advisories/21297
(UNKNOWN)  SECUNIA  21297
http://lwn.net/Alerts/194228/
(UNKNOWN)  TRUSTIX  2006-0044
http://issues.rpath.com/browse/RPL-560
(UNKNOWN)  MISC  http://issues.rpath.com/browse/RPL-560
http://bugs.debian.org/cgi-bin/bugreport.cgi/gnupg.CVE-2006-3746.diff?bug=381204;msg=15;att=1
(UNKNOWN)  MISC  http://bugs.debian.org/cgi-bin/bugreport.cgi/gnupg.CVE-2006-3746.diff?bug=381204;msg=15;att=1
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
(UNKNOWN)  SGI  20060801-01-P

- 漏洞信息

GnuPG parse_comment缓冲区溢出漏洞
中危 缓冲区溢出
2006-07-28 00:00:00 2006-08-08 00:00:00
远程  
        GnuPG是基于OpenPGP标准的PGP加密、解密、签名工具。
        GnuPG工具在处理超长用户参数时存在缓冲区溢出漏洞,攻击者可能利用此漏洞在用户机器上执行任意指令。
        如果向GnuPG提交超长的命令行参数,就会触发parse_comment中的缓冲区溢出,导致执行任意指令。

- 公告与补丁

        目前厂商还没有提供补丁或者升级程序,我们?议使用此软件的用户随时关注厂商的主页以获取最新版本:
        http://www.gnu.org

- 漏洞信息 (F49304)

Mandriva Linux Security Advisory 2006.141 (PacketStormID:F49304)
2006-08-27 00:00:00
Mandriva  mandriva.com
advisory,overflow
linux,mandriva
CVE-2006-3746
[点击下载]

Mandriva Linux Security Advisory MDKSA-2006-141 - An integer overflow vulnerability was discovered in gnupg where an attacker could create a carefully-crafted message packet with a large length that could cause gnupg to crash or possibly overwrite memory when opened.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:141
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : gnupg
 Date    : August 14, 2006
 Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 An integer overflow vulnerability was discovered in gnupg where an
 attacker could create a carefully-crafted message packet with a large
 length that could cause gnupg to crash or possibly overwrite memory
 when opened.
 
 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3746
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 dad4f89b0659db5ce5f0ea5346937f84  2006.0/RPMS/gnupg-1.4.2.2-0.3.20060mdk.i586.rpm
 235e259f35fc3e064da19eeafb1928bb  2006.0/RPMS/gnupg2-1.9.16-4.2.20060mdk.i586.rpm
 4868f4809119c3eb251c750082eafb0c  2006.0/SRPMS/gnupg-1.4.2.2-0.3.20060mdk.src.rpm
 e200d2b1d9fd36bf87a2a115921671e1  2006.0/SRPMS/gnupg2-1.9.16-4.2.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 72633103b324b4a6304849b9adde6dee  x86_64/2006.0/RPMS/gnupg-1.4.2.2-0.3.20060mdk.x86_64.rpm
 1080c501a35fb063e45fffca91d1c577  x86_64/2006.0/RPMS/gnupg2-1.9.16-4.2.20060mdk.x86_64.rpm
 4868f4809119c3eb251c750082eafb0c  x86_64/2006.0/SRPMS/gnupg-1.4.2.2-0.3.20060mdk.src.rpm
 e200d2b1d9fd36bf87a2a115921671e1  x86_64/2006.0/SRPMS/gnupg2-1.9.16-4.2.20060mdk.src.rpm

 Corporate 3.0:
 48a68f90d599061b4605580c6dfb87c5  corporate/3.0/RPMS/gnupg-1.4.2.2-0.3.C30mdk.i586.rpm
 4948bb972e446f136d8f0c81045a68d6  corporate/3.0/SRPMS/gnupg-1.4.2.2-0.3.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 ca85cec5ae88d2a6aa0216aed0f38ffd  x86_64/corporate/3.0/RPMS/gnupg-1.4.2.2-0.3.C30mdk.x86_64.rpm
 4948bb972e446f136d8f0c81045a68d6  x86_64/corporate/3.0/SRPMS/gnupg-1.4.2.2-0.3.C30mdk.src.rpm

 Multi Network Firewall 2.0:
 0d17b96d0b992d95a74c9a215088425b  mnf/2.0/RPMS/gnupg-1.4.2.2-0.4.M20mdk.i586.rpm
 6f752ebe3c8094f11f6bf2d3b7f3cb2e  mnf/2.0/SRPMS/gnupg-1.4.2.2-0.4.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFE4MFVmqjQ0CJFipgRAmyEAJ0aTvIeW+OJxKW/q/cWKxThqTy86QCfSs0U
DEbL1baQptTF7BJh164sn/Y=
=GPyb
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F49040)

Debian Linux Security Advisory 1141-1 (PacketStormID:F49040)
2006-08-17 00:00:00
Debian  debian.org
advisory
linux,debian
CVE-2006-3746
[点击下载]

Debian Security Advisory 1141-1 - Evgeny Legerov discovered that overly large comments can crash gnupg, the GNU privacy guard.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1141-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
August 4th, 2006                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : gnupg2
Vulnerability  : integer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2006-3746
BugTraq ID     : 19110
Debian Bug     : 381204

Evgeny Legerov discovered that overly large comments can crash gnupg,
the GNU privacy guard - a free PGP replacement, which is also present
in the development branch.

For the stable distribution (sarge) this problem has been fixed in
version 1.9.15-6sarge2.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your gnupg2 package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2.dsc
      Size/MD5 checksum:      854 2c392bb08b77bcb9995be4fbf2c58283
    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2.diff.gz
      Size/MD5 checksum:  1860310 f465fe72762f514831d87583ca399bd5
    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15.orig.tar.gz
      Size/MD5 checksum:  5454978 ee3885e2c74a9c1ae539d6f12091c30b

  Alpha architecture:

    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_alpha.deb
      Size/MD5 checksum:   112370 a119a0b8c191e3689d42c9a213dd4f76
    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_alpha.deb
      Size/MD5 checksum:   886302 4c5c70dd431e4ccc591a87d068ac9553
    http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_alpha.deb
      Size/MD5 checksum:   453490 eec6ae4af73ba7a7ccef13d4e36b003e

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_amd64.deb
      Size/MD5 checksum:    98516 fa8437eba6bda3ad2162d43a30195c8e
    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_amd64.deb
      Size/MD5 checksum:   774640 30b1e6d048ba60c0e073c0c180bc686b
    http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_amd64.deb
      Size/MD5 checksum:   385744 72d4e6b41160959caec8301b23032897

  ARM architecture:

    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_arm.deb
      Size/MD5 checksum:    87376 ea0c54b9a3556192db52aa1178866d96
    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_arm.deb
      Size/MD5 checksum:   712774 9b7ba34e952f1b860bafeaeba2178c82
    http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_arm.deb
      Size/MD5 checksum:   339734 78250a052bd3784f942045470fa118aa

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_i386.deb
      Size/MD5 checksum:    90114 918515e91219ed74277a53abdfafe943
    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_i386.deb
      Size/MD5 checksum:   731710 253c2259991935b0318465e6b9eb8219
    http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_i386.deb
      Size/MD5 checksum:   351978 67b70918cb89760a02e53a5776ad39b6

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_ia64.deb
      Size/MD5 checksum:   130350 b00f67ed9488c494e38b2e4e29266174
    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_ia64.deb
      Size/MD5 checksum:  1026420 5a988d46cbf0a5934cf348d731ca1a15
    http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_ia64.deb
      Size/MD5 checksum:   539966 515877cf2dd350361ff10a0c58ea11a9

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_hppa.deb
      Size/MD5 checksum:   100620 f5f9366786672079f327f365385425f4
    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_hppa.deb
      Size/MD5 checksum:   794818 dcbed566a023e7e67e00898c07af70af
    http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_hppa.deb
      Size/MD5 checksum:   394016 71252acf652b07008f09442d0231df51

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_m68k.deb
      Size/MD5 checksum:    82194 50c0f479584c5e461c3f19fa0f2b15cb
    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_m68k.deb
      Size/MD5 checksum:   669558 8ef059958304096b34a6afc28dc90211
    http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_m68k.deb
      Size/MD5 checksum:   312018 6a268cb889f3d63100eab8556e747126

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_mips.deb
      Size/MD5 checksum:   100550 e8d48a649076e96490fbc5312840d4a7
    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_mips.deb
      Size/MD5 checksum:   788684 7bce8a4ac745fb31edbd36ac30952e14
    http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_mips.deb
      Size/MD5 checksum:   395128 b146bb25bd370d3b291bb09ea030f777

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_mipsel.deb
      Size/MD5 checksum:   101030 fb640cb9e3e11c780689e73c6e3a634b
    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_mipsel.deb
      Size/MD5 checksum:   790182 a787aa68ea3e88ea41772e75627e15c1
    http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_mipsel.deb
      Size/MD5 checksum:   396312 821572bca6b813b65e72017f38c0a367

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_powerpc.deb
      Size/MD5 checksum:    95628 cf88406807fc6743022e9c3da4d29bad
    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_powerpc.deb
      Size/MD5 checksum:   769376 4311b23a564c3964a9a96cb13923a5be
    http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_powerpc.deb
      Size/MD5 checksum:   377396 9918891d1cd6d307cd0b1772b3c698da

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_s390.deb
      Size/MD5 checksum:    98758 c728d9ae54f35867e0739b316f09f301
    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_s390.deb
      Size/MD5 checksum:   766466 3b996b477a5c82a7b4b828daa931cb3e
    http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_s390.deb
      Size/MD5 checksum:   384794 e6a36afdcc54605336195929ac7fd715

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_sparc.deb
      Size/MD5 checksum:    89600 18af0a390ff51141947be8186a7579b1
    http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_sparc.deb
      Size/MD5 checksum:   721000 e8133a5b950115c89e0d702161c76ec9
    http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_sparc.deb
      Size/MD5 checksum:   345248 2b2d8a191d7832d570fb0ea8bb4a4eb1


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFE0s7mW5ql+IAeqTIRApkOAJ9003CJpBkY5RY2EAFtgTim6zw0gACfV4ol
QnIzr+1h8GBh9adChiWVJzw=
=k4VG
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F49028)

Debian Linux Security Advisory 1140-1 (PacketStormID:F49028)
2006-08-17 00:00:00
Debian  debian.org
advisory
linux,debian
CVE-2006-3746
[点击下载]

Debian Security Advisory 1140-1 - Evgeny Legerov discovered that overly large comments can crash gnupg.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1140-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
August 3rd, 2006                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : gnupg
Vulnerability  : integer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2006-3746
BugTraq ID     : 19110
Debian Bug     : 381204

Evgeny Legerov discovered that overly large comments can crash gnupg,
the GNU privacy guard - a free PGP replacement.

For the stable distribution (sarge) this problem has been fixed in
version 1.4.1-1.sarge5.

For the unstable distribution (sid) this problem has been fixed in
version 1.4.5-1.

We recommend that you upgrade your gnupg package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5.dsc
      Size/MD5 checksum:      680 3ca752cd4daad97be9a5c39c8946529f
    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5.diff.gz
      Size/MD5 checksum:    20602 60b0f10cc733d5db834cc938ea64c9c6
    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1.orig.tar.gz
      Size/MD5 checksum:  4059170 1cc77c6943baaa711222e954bbd785e5

  Alpha architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_alpha.deb
      Size/MD5 checksum:  2155966 7247aeac9ee92201dd653d72250b6635

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_amd64.deb
      Size/MD5 checksum:  1963522 090bc4edbbcff55a42e0f0e150bebe1c

  ARM architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_arm.deb
      Size/MD5 checksum:  1899504 3d5a8c67821576dcb96db83439689693

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_i386.deb
      Size/MD5 checksum:  1908672 27f9a0178ae75e60f4190f7cc1b648b2

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_ia64.deb
      Size/MD5 checksum:  2325364 7cb958f11cf26f2606a8630b0837302b

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_hppa.deb
      Size/MD5 checksum:  2004276 0a18314991ba8b9df2197dc59fa9fc9b

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_m68k.deb
      Size/MD5 checksum:  1811104 3d34a165f7e7b9b7f7762ea3f098436a

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_mips.deb
      Size/MD5 checksum:  2000886 fd5a35eea245eed1d8e867c2dab420fe

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_mipsel.deb
      Size/MD5 checksum:  2007526 a7d376140cc177b7365b8931e443b511

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_powerpc.deb
      Size/MD5 checksum:  1957954 405cd2998ce0d4e4867a2b781d023db5

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_s390.deb
      Size/MD5 checksum:  1967138 4e863993101250029ce2f276a83c964b

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_sparc.deb
      Size/MD5 checksum:  1897516 bce716a627c062c3ca034d8d49c24b58


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFE0jkdW5ql+IAeqTIRAoTxAJ0Zs2nLB4X3MMPdkDg/KT5UWEE5WACeIr81
o446xzQ7vYxzuJiC+Bg1isc=
=tgaH
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F49020)

Ubuntu Security Notice 332-1 (PacketStormID:F49020)
2006-08-17 00:00:00
Ubuntu  security.ubuntu.com
advisory,overflow,arbitrary
linux,ubuntu
CVE-2006-3746
[点击下载]

Ubuntu Security Notice USN-332-1 - Evgeny Legerov discovered that gnupg did not sufficiently check the validity of the comment and a control field. Specially crafted GPG data could cause a buffer overflow. This could be exploited to execute arbitrary code with the user's privileges if an attacker can trick an user into processing a malicious encrypted/signed document with gnupg.

=========================================================== 
Ubuntu Security Notice USN-332-1            August 03, 2006
gnupg vulnerability
CVE-2006-3746
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  gnupg                                    1.2.5-3ubuntu5.5

Ubuntu 5.10:
  gnupg                                    1.4.1-1ubuntu1.4

Ubuntu 6.06 LTS:
  gnupg                                    1.4.2.2-1ubuntu2.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Evgeny Legerov discovered that gnupg did not sufficiently check the
validity of the comment and a control field. Specially crafted GPG
data could cause a buffer overflow. This could be exploited to execute
arbitrary code with the user's privileges if an attacker can trick an
user into processing a malicious encrypted/signed document with gnupg.


Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.5.diff.gz
      Size/MD5:    67172 29ae368ce975c0ba45f5f8faab3544eb
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.5.dsc
      Size/MD5:      654 b77427b0e347fd51822fbded59629c39
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5.orig.tar.gz
      Size/MD5:  3645308 9109ff94f7a502acd915a6e61d28d98a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.5_amd64.deb
      Size/MD5:   806304 ed9984ee4c43817ad4bfaac0318dacd2
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.2.5-3ubuntu5.5_amd64.udeb
      Size/MD5:   146492 1761ff0057e8c5fc1290bb6fea061fff

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.5_i386.deb
      Size/MD5:   750870 327780d0bc5b4492cfb2d91d81ce1e4d
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.2.5-3ubuntu5.5_i386.udeb
      Size/MD5:   121414 755b78879ae2ff649831bc4258ec9cd0

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.5_powerpc.deb
      Size/MD5:   806802 659c72a26c312d0a21dfca0ef8168dc1
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.2.5-3ubuntu5.5_powerpc.udeb
      Size/MD5:   135552 738c35bc6fce9b6c23a85bcd8e805d31

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.4.diff.gz
      Size/MD5:    21517 ce1cea807240a851dc29c0ad1c8e3824
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.4.dsc
      Size/MD5:      684 75bea35501b917876414e63811e4724f
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1.orig.tar.gz
      Size/MD5:  4059170 1cc77c6943baaa711222e954bbd785e5

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.4_amd64.deb
      Size/MD5:  1136488 845e1771e0f8437a7d77b8ffcdc13b5a
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ubuntu1.4_amd64.udeb
      Size/MD5:   152266 3a4de994f65e12058b69eeb3940d8c9f

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.4_i386.deb
      Size/MD5:  1044632 f8da3941df01cced12e35fb0c4bf3e53
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ubuntu1.4_i386.udeb
      Size/MD5:   130694 3af2232b978645923226a0cb6714475d

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.4_powerpc.deb
      Size/MD5:  1119760 3a01f0ee2ba319d6d884b84f82b25f2d
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ubuntu1.4_powerpc.udeb
      Size/MD5:   140248 a61c84caeecffb3b3c3207b28a84e8ab

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.4_sparc.deb
      Size/MD5:  1064344 258595b36dd297f5100cc82f59717e54
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ubuntu1.4_sparc.udeb
      Size/MD5:   139584 58cc4a91254ea52878b4df2873ad22c2

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.2.diff.gz
      Size/MD5:    20451 b0c637087a904197f957c32b6364417d
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.2.dsc
      Size/MD5:      692 84098e8a7001961c8141eb8ea4f3dcde
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2.orig.tar.gz
      Size/MD5:  4222685 50d8fd9c5715ff78b7db0e5f20d08550

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.2_amd64.deb
      Size/MD5:  1066284 23f4741e2da976dd050d38c5da08e9f8
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1ubuntu2.2_amd64.udeb
      Size/MD5:   140296 c53b5fbc2cc73451b72875907cc417c1

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.2_i386.deb
      Size/MD5:   981204 ed7bcc9d4a3442efbcac2f4b99a2b57d
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1ubuntu2.2_i386.udeb
      Size/MD5:   120282 031ef43bea646c9687a8e9d1929ad988

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.2_powerpc.deb
      Size/MD5:  1053660 7ee4f7add0d48f056fb0fc964b85b032
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1ubuntu2.2_powerpc.udeb
      Size/MD5:   130170 fe7a1606cc65d71fce2b7e7f3fab88dc

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.2_sparc.deb
      Size/MD5:   993782 025a2fbe8c4a466b37b2a455226f3876
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1ubuntu2.2_sparc.udeb
      Size/MD5:   127434 2d5a6522372b8c645a2fb5b37bb1e846

    

- 漏洞信息

27664
GnuPG parse_comment Function Crafted Message Overflow DoS
Denial of Service, Input Manipulation
Loss of Integrity, Loss of Availability
Vendor Verified

- 漏洞描述

Unknown or Incomplete

- 时间线

2006-07-21 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

GnuPG Parse_Comment Remote Buffer Overflow Vulnerability
Boundary Condition Error 19110
Yes No
2006-07-22 12:00:00 2007-03-19 10:44:00
Evgeny Legerov discovered this issue.

- 受影响的程序版本

Ubuntu Ubuntu Linux 5.10 sparc
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
Slackware Linux 10.2
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux -current
SGI ProPack 3.0 SP6
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Personal 10.1
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
rPath rPath Linux 1
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Fedora Core6
Red Hat Fedora Core5
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
GNU GNU Privacy Guard 1.9.10
GNU GNU Privacy Guard 1.4.4
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Avaya Interactive Response 1.3
Avaya Interactive Response 1.2.1
Avaya Interactive Response
Avaya Integrated Management 2.1
Avaya Integrated Management
Avaya CVLAN
GNU GNU Privacy Guard 1.4.5

- 不受影响的程序版本

GNU GNU Privacy Guard 1.4.5

- 漏洞讨论

GnuPG is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

This issue may allow remote attackers to execute arbitrary machine code in the context of the affected application, but this has not been confirmed.

GnuPG version 1.4.4 is vulnerable to this issue; previous versions may also be affected.

- 漏洞利用

The following Perl command demonstrates this issue by crashing the affected application:

perl -e 'print "\xfd\xff\xff\xff\xff\xfe"'| /var/gnupg/bin/gpg --no-armor

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- 解决方案

rPath Linux has released a fix for this vulnerability. Please see the references for vendor advisories and more information.


GNU GNU Privacy Guard 1.4.4

GNU GNU Privacy Guard 1.9.10

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站