ID CVE-2006-3082
Summary parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.
References
Vulnerable Configurations
  • GnuPG (Privacy Guard) 1.4.3
    cpe:2.3:a:gnupg:gnupg:1.4.3
  • GnuPG (Privacy Guard) 1.9.20
    cpe:2.3:a:gnupg:gnupg:1.9.20
CVSS
Base: 5.0 (as of 19-06-2006 - 14:13)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
exploit-db via4
description GnuPG 1.4.3/1.9.x Parse_User_ID Remote Buffer Overflow Vulnerability. CVE-2006-3082. Dos exploit for linux platform
id EDB-ID:28077
last seen 2016-02-03
modified 2006-06-20
published 2006-06-20
reporter Evgeny Legerov
source https://www.exploit-db.com/download/28077/
title GnuPG 1.4.3/1.9.x Parse_User_ID Remote Buffer Overflow Vulnerability
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GPG2-1834.NASL
    description It is possible to crash (denial of service) the GNU Privacy Guard (gpg) by supplying a specifically crafted message specifying a very large UID, which leads to an out of memory situation or an integer overflow. It is unclear if this problem can be exploited to execute code. This issue is tracked by the Mitre CVE ID CVE-2006-3082.
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29451
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29451
    title SuSE 10 Security Update : gpg2 (ZYPP Patch Number 1834)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GPG-1664.NASL
    description It is possible to crash (denial of service) the GNU Privacy Guard (gpg) by supplying a specifically crafted message specifying a very large UID, which leads to an out of memory situation or an integer overflow. It is unclear if this problem can be exploited to execute code. This issue is tracked by the Mitre CVE ID CVE-2006-3082.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27244
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27244
    title openSUSE 10 Security Update : gpg (gpg-1664)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0571.NASL
    description An updated GnuPG package that fixes a security issue is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GnuPG is a utility for encrypting data and creating digital signatures. An integer overflow flaw was found in GnuPG. An attacker could create a carefully crafted message packet with a large length that could cause GnuPG to crash or possibly overwrite memory when opened. (CVE-2006-3082) All users of GnuPG are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 22065
    published 2006-07-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22065
    title CentOS 3 / 4 : gnupg (CESA-2006:0571)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0571.NASL
    description An updated GnuPG package that fixes a security issue is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GnuPG is a utility for encrypting data and creating digital signatures. An integer overflow flaw was found in GnuPG. An attacker could create a carefully crafted message packet with a large length that could cause GnuPG to crash or possibly overwrite memory when opened. (CVE-2006-3082) All users of GnuPG are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 22069
    published 2006-07-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22069
    title RHEL 2.1 / 3 / 4 : gnupg (RHSA-2006:0571)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1115.NASL
    description Evgeny Legerov discovered that gnupg, the GNU privacy guard, a free PGP replacement contains an integer overflow that can cause a segmentation fault and possibly overwrite memory via a large user ID string.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 22657
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22657
    title Debian DSA-1115-1 : gnupg2 - integer overflow
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GPG2-1835.NASL
    description It is possible to crash (denial of service) the GNU Privacy Guard (gpg) by supplying a specifically crafted message specifying a very large UID, which leads to an out of memory situation or an integer overflow. It is unclear if this problem can be exploited to execute code. This issue is tracked by the Mitre CVE ID CVE-2006-3082.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27249
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27249
    title openSUSE 10 Security Update : gpg2 (gpg2-1835)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2006-178-02.NASL
    description New GnuPG packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix security issues which could allow an attacker to crash gnupg and possibly overwrite memory which could lead to an integer overflow.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 21766
    published 2006-06-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21766
    title Slackware 10.0 / 10.1 / 10.2 / 9.0 / 9.1 / current : gnupg DoS (SSA:2006-178-02)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-110.NASL
    description A vulnerability was discovered in GnuPG 1.4.3 and 1.9.20 (and earlier) that could allow a remote attacker to cause gpg to crash and possibly overwrite memory via a message packet with a large length. The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 21754
    published 2006-06-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21754
    title Mandrake Linux Security Advisory : gnupg (MDKSA-2006:110)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-304-1.NASL
    description Evgeny Legerov discovered that GnuPG did not sufficiently check overly large user ID packets. Specially crafted user IDs caused a buffer overflow. By tricking an user or remote automated system into processing a malicous GnuPG message, an attacker could exploit this to crash GnuPG or possibly even execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 27879
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27879
    title Ubuntu 5.04 / 5.10 / 6.06 LTS : gnupg vulnerability (USN-304-1)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL6535.NASL
    description The remote BIG-IP device is missing a patch required by a security advisory.
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 78208
    published 2014-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78208
    title F5 Networks BIG-IP : Denial of service vulnerability in GnuPG (SOL6535)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_F900BDA8047211DBBBF7000C6EC775D9.NASL
    description If GnuPG processes a userid with a very long packet length, GnuPG can crash due to insufficient bounds check. This can result in a denial-of-service condition or potentially execution of arbitrary code with the privileges of the user running GnuPG.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 21756
    published 2006-06-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21756
    title FreeBSD : gnupg -- user id integer overflow vulnerability (f900bda8-0472-11db-bbf7-000c6ec775d9)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1107.NASL
    description Evgeny Legerov discovered that gnupg, the GNU privacy guard, a free PGP replacement contains an integer overflow that can cause a segmentation fault and possibly overwrite memory via a large user ID string.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 22649
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22649
    title Debian DSA-1107-1 : gnupg - integer overflow
oval via4
accepted 2013-04-29T04:01:29.562-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.
family unix
id oval:org.mitre.oval:def:10089
status accepted
submitted 2010-07-09T03:56:16-04:00
title parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.
version 23
redhat via4
advisories
bugzilla
id 195945
title CVE-2006-3082 gnupg integer overflow
oval
OR
  • AND
    comment Red Hat Enterprise Linux 3 is installed
    oval oval:com.redhat.rhsa:tst:20060015001
  • AND
    comment Red Hat Enterprise Linux 4 is installed
    oval oval:com.redhat.rhsa:tst:20060016001
rhsa
id RHSA-2006:0571
released 2006-07-18
severity Moderate
title RHSA-2006:0571: gnupg security update (Moderate)
refmap via4
bid 18554
bugtraq 20060629 rPSA-2006-0120-1 gnupg
confirm
debian
  • DSA-1107
  • DSA-1115
fulldisc
  • 20060531 GnuPG fun
  • 20060531 RE: GnuPG fun
  • 20060601 Re: GnuPG fun
mandriva MDKSA-2006:110
openpkg OpenPKG-SA-2006.010
sectrack 1016519
secunia
  • 20783
  • 20801
  • 20811
  • 20829
  • 20881
  • 20899
  • 20968
  • 21063
  • 21135
  • 21137
  • 21143
  • 21585
sgi 20060701-01-U
slackware SSA:2006-178-02
suse
  • SUSE-SR:2006:015
  • SUSE-SR:2006:018
ubuntu USN-304-1
vupen ADV-2006-2450
xf gnupg-parsepacket-bo(27245)
Last major update 07-03-2011 - 00:00
Published 19-06-2006 - 14:02
Last modified 18-10-2018 - 12:45
Back to Top