CWRedLight
(Date : 02.04.2008 18:17:20)


GnuPG Duplicated IDs Memory Corruption
Secunia Advisory: SA29568  
Release Date: 2008-04-01

Critical: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch

Software: GnuPG / gpg 1.4.x, GnuPG / gpg 2.x

CVE reference: CVE-2008-1530 (Secunia mirror)




Description:
A vulnerability has been reported in GnuPG, which can potentially be exploited to compromise a vulnerable system.

The vulnerability is caused by an error when importing keys with duplicated IDs. This can be exploited to cause memory corruption when keys are imported via --refresh-keys or --import.

Successful exploitation potentially allows execution of arbitrary code, but this has not been proven yet.

The vulnerability is reported in versions 1.4.8 and 2.0.8. Prior versions may also be affected.

Solution:
Update to version 1.4.9 or 2.0.9.
ftp://ftp.gnupg.org/gcrypt/gnupg

Provided and/or discovered by:
Andrea Barisani, oCERT

Original Advisory:
http://lists.gnupg.org/pipermail/gnupg-announce/2008q1/000272.html
https://bugs.g10code.com/gnupg/issue894

oCERT:
http://www.ocert.org/advisories/ocert-2008-1.html
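
A version check against the fix levels named under Solution, added here as an example (it is not code from Secunia or the GnuPG project). The function names are hypothetical, the banner format "gpg (GnuPG) X.Y.Z" is assumed for the first line of `gpg --version`, and treating releases after the 2.0 branch as fixed is an assumption.

```shell
#!/bin/sh
# Classify a GnuPG version against this advisory: 1.4.8 and 2.0.8 are reported
# affected, earlier releases in those branches may be, 1.4.9 and 2.0.9 are fixed.

# Pull "X.Y.Z" out of the first banner line; prints nothing if it does not match.
gpg_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n '1s/^gpg (GnuPG[^)]*) \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*$/\1/p'
}

# Print one of: affected, possibly-affected, fixed, unknown.
cve_2008_1530_status() {
    ver=$1
    # Reject empty input, non-numeric characters and malformed dot placement.
    case $ver in
        ''|*[!0-9.]*|*..*|.*|*.) echo unknown; return 0 ;;
    esac
    case $ver in
        *.*.*) ;;
        *) echo unknown; return 0 ;;
    esac
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    # More than three components is outside what the advisory describes.
    case $patch in *.*) echo unknown; return 0 ;; esac
    case "$major.$minor" in
        1.4|2.0)
            if [ "$patch" -ge 9 ]; then echo fixed
            elif [ "$patch" -eq 8 ]; then echo affected
            else echo possibly-affected   # "Prior versions may also be affected"
            fi ;;
        *)
            # Assumption: branches newer than 2.0 carry the fix; the advisory
            # says nothing about branches other than 1.4.x and 2.x.
            if [ "$major" -ge 2 ]; then echo fixed; else echo unknown; fi ;;
    esac
}

# Constructed sample banners, not captured output.
for banner in 'gpg (GnuPG) 1.4.8' 'gpg (GnuPG) 2.0.9' 'gpg (GnuPG) 1.4.5'; do
    v=$(gpg_version_from_banner "$banner")
    printf '%s -> %s\n' "$v" "$(cve_2008_1530_status "$v")"
done
```

On a live host, pass the first line of `gpg --version` to `gpg_version_from_banner` instead of the sample strings.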

Source: http://secunia.com/advisories/29568/