ID CVE-2006-3746
Summary Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message.
References
Vulnerable Configurations
  • GnuPG (Privacy Guard) 1.4.4
    cpe:2.3:a:gnupg:gnupg:1.4.4
CVSS
Base: 5.0 (as of 31-07-2006 - 16:49)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
exploit-db via4
description GnuPG 1.4/1.9 Parse_Comment Remote Buffer Overflow Vulnerability. CVE-2006-3746 . Dos exploit for linux platform
id EDB-ID:28257
last seen 2016-02-03
modified 2006-07-22
published 2006-07-22
reporter Evgeny Legerov
source https://www.exploit-db.com/download/28257/
title GnuPG 1.4/1.9 Parse_Comment Remote Buffer Overflow Vulnerability
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1141.NASL
    description Evgeny Legerov discovered that overly large comments can crash gnupg, the GNU privacy guard - a free PGP replacement, which is also present in the development branch.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 22683
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22683
    title Debian DSA-1141-1 : gnupg2 - integer overflow
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-332-1.NASL
    description Evgeny Legerov discovered that gnupg did not sufficiently check the validity of the comment and a control field. Specially crafted GPG data could cause a buffer overflow. This could be exploited to execute arbitrary code with the user's privileges if an attacker can trick an user into processing a malicious encrypted/signed document with gnupg. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 27911
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27911
    title Ubuntu 5.04 / 5.10 / 6.06 LTS : gnupg vulnerability (USN-332-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-141.NASL
    description An integer overflow vulnerability was discovered in gnupg where an attacker could create a carefully-crafted message packet with a large length that could cause gnupg to crash or possibly overwrite memory when opened. Updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 23890
    published 2006-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23890
    title Mandrake Linux Security Advisory : gnupg (MDKSA-2006:141)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GPG2-1956.NASL
    description This update of gpg2 fixes an segmentation fault when using the--no-armor option. This failure leads to a denial-of-service attack and may be used execute arbitrary code. (CVE-2006-3746)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27250
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27250
    title openSUSE 10 Security Update : gpg2 (gpg2-1956)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1140.NASL
    description Evgeny Legerov discovered that overly large comments can crash gnupg, the GNU privacy guard - a free PGP replacement.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 22682
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22682
    title Debian DSA-1140-1 : gnupg - integer overflow
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0615.NASL
    description Updated GnuPG packages that fix a security issue is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GnuPG is a utility for encrypting data and creating digital signatures. An integer overflow flaw was found in GnuPG. An attacker could create a carefully crafted message packet with a large length that could cause GnuPG to crash or possibly overwrite memory when opened. (CVE-2006-3746) All users of GnuPG are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 22164
    published 2006-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22164
    title CentOS 3 / 4 : gnupg (CESA-2006:0615)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2006-0615.NASL
    description From Red Hat Security Advisory 2006:0615 : Updated GnuPG packages that fix a security issue is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GnuPG is a utility for encrypting data and creating digital signatures. An integer overflow flaw was found in GnuPG. An attacker could create a carefully crafted message packet with a large length that could cause GnuPG to crash or possibly overwrite memory when opened. (CVE-2006-3746) All users of GnuPG are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67400
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67400
    title Oracle Linux 4 : gnupg (ELSA-2006-0615)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GPG-1959.NASL
    description This update of gpg fixes an segmentation fault when using the--no-armor option. This failure leads to a denial-of-service attack and may be used execute arbitrary code. (CVE-2006-3746)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29448
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29448
    title SuSE 10 Security Update : gpg (ZYPP Patch Number 1959)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200608-08.NASL
    description The remote host is affected by the vulnerability described in GLSA-200608-08 (GnuPG: Integer overflow vulnerability) Evgeny Legerov discovered a vulnerability in GnuPG that when certain packets are handled an integer overflow may occur. Impact : By sending a specially crafted email to a user running an affected version of GnuPG, a remote attacker could possibly execute arbitrary code with the permissions of the user running GnuPG. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 22166
    published 2006-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22166
    title GLSA-200608-08 : GnuPG: Integer overflow vulnerability
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0615.NASL
    description Updated GnuPG packages that fix a security issue is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GnuPG is a utility for encrypting data and creating digital signatures. An integer overflow flaw was found in GnuPG. An attacker could create a carefully crafted message packet with a large length that could cause GnuPG to crash or possibly overwrite memory when opened. (CVE-2006-3746) All users of GnuPG are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 22151
    published 2006-08-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22151
    title RHEL 2.1 / 3 / 4 : gnupg (RHSA-2006:0615)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GPG-1955.NASL
    description This update of gpg fixes an segmentation fault when using the--no-armor option. This failure leads to a denial-of-service attack and may be used execute arbitrary code. (CVE-2006-3746)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27245
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27245
    title openSUSE 10 Security Update : gpg (gpg-1955)
oval via4
accepted 2013-04-29T04:13:26.007-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message.
family unix
id oval:org.mitre.oval:def:11347
status accepted
submitted 2010-07-09T03:56:16-04:00
title Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message.
version 23
redhat via4
advisories
bugzilla
id 200502
title CVE-2006-3746 GnuPG Parse_Comment Remote Buffer Overflow
oval
OR
  • AND
    comment Red Hat Enterprise Linux 3 is installed
    oval oval:com.redhat.rhsa:tst:20060015001
  • AND
    comment Red Hat Enterprise Linux 4 is installed
    oval oval:com.redhat.rhsa:tst:20060016001
rhsa
id RHSA-2006:0615
released 2006-08-02
severity Moderate
title RHSA-2006:0615: gnupg security update (Moderate)
refmap via4
bid 19110
bugtraq
  • 20060802 rPSA-2006-0143-1 gnupg
  • 20060808 ERRATA: [ GLSA 200608-08 ] GnuPG: Integer overflow vulnerability
confirm http://support.avaya.com/elmodocs2/security/ASA-2006-164.htm
debian
  • DSA-1140
  • DSA-1141
gentoo GLSA-200608-08
mandriva MDKSA-2006:141
misc
mlist
  • [Dailydave] 20060721 GnuPG 1.4.4 fun
  • [Gnupg-devel] 20060725 Re: [Dailydave] GnuPG 1.4.4 fun
osvdb 27664
sectrack 1016622
secunia
  • 21297
  • 21300
  • 21306
  • 21326
  • 21329
  • 21333
  • 21346
  • 21351
  • 21378
  • 21467
  • 21522
  • 21524
  • 21598
sgi 20060801-01-P
suse SUSE-SR:2006:020
trustix 2006-0044
ubuntu USN-332-1
vupen ADV-2006-3123
xf gnupg-parsecomment-bo(28220)
Last major update 07-03-2011 - 21:39
Published 28-07-2006 - 17:04
Last modified 17-10-2018 - 17:29
Back to Top