ID CVE-2018-12020
Summary mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.
Vulnerable Configurations
  • Red Hat Enterprise Linux Desktop 6.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
  • Red Hat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • Red Hat Enterprise Linux Server 6.0
    cpe:2.3:o:redhat:enterprise_linux_server:6.0
  • Red Hat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • Red Hat Enterprise Linux Server Advanced mission critical Update Support (AUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.5
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6
  • Red Hat Enterprise Linux Server Telecommunications Update Service (TUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6
  • Red Hat Enterprise Linux Workstation 6.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
  • Red Hat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
  • Canonical Ubuntu Linux 12.04 ESM (Extended Security Maintenance)
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:esm
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Canonical Ubuntu Linux 17.10
    cpe:2.3:o:canonical:ubuntu_linux:17.10
  • Canonical Ubuntu Linux 18.04 LTS Edition
    cpe:2.3:o:canonical:ubuntu_linux:18.04:-:-:-:lts
  • Canonical Ubuntu Linux 18.10
    cpe:2.3:o:canonical:ubuntu_linux:18.10
  • Canonical Ubuntu Linux 19.04
    cpe:2.3:o:canonical:ubuntu_linux:19.04
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • GnuPG (Privacy Guard) 0.0.0 (initial release)
    cpe:2.3:a:gnupg:gnupg:0.0.0
  • GnuPG (GNU Privacy Guard) 0.1.0
    cpe:2.3:a:gnupg:gnupg:0.1.0
  • GnuPG (GNU Privacy Guard) 0.1.1
    cpe:2.3:a:gnupg:gnupg:0.1.1
  • GnuPG (GNU Privacy Guard) 0.1.2
    cpe:2.3:a:gnupg:gnupg:0.1.2
  • GnuPG (GNU Privacy Guard) 0.1.3
    cpe:2.3:a:gnupg:gnupg:0.1.3
  • GnuPG (GNU Privacy Guard) 0.2.0
    cpe:2.3:a:gnupg:gnupg:0.2.0
  • GnuPG (GNU Privacy Guard) 0.2.1
    cpe:2.3:a:gnupg:gnupg:0.2.1
  • GnuPG (GNU Privacy Guard) 0.2.2
    cpe:2.3:a:gnupg:gnupg:0.2.2
  • GnuPG (GNU Privacy Guard) 0.2.3
    cpe:2.3:a:gnupg:gnupg:0.2.3
  • GnuPG (GNU Privacy Guard) 0.2.4
    cpe:2.3:a:gnupg:gnupg:0.2.4
  • GnuPG (GNU Privacy Guard) 0.2.5
    cpe:2.3:a:gnupg:gnupg:0.2.5
  • GnuPG (GNU Privacy Guard) 0.2.6
    cpe:2.3:a:gnupg:gnupg:0.2.6
  • GnuPG (GNU Privacy Guard) 0.2.7
    cpe:2.3:a:gnupg:gnupg:0.2.7
  • GnuPG (GNU Privacy Guard) 0.2.8
    cpe:2.3:a:gnupg:gnupg:0.2.8
  • GnuPG (GNU Privacy Guard) 0.2.9
    cpe:2.3:a:gnupg:gnupg:0.2.9
  • GnuPG (GNU Privacy Guard) 0.2.10
    cpe:2.3:a:gnupg:gnupg:0.2.10
  • GnuPG (GNU Privacy Guard) 0.2.11
    cpe:2.3:a:gnupg:gnupg:0.2.11
  • GnuPG (GNU Privacy Guard) 0.2.12
    cpe:2.3:a:gnupg:gnupg:0.2.12
  • GnuPG (GNU Privacy Guard) 0.2.13
    cpe:2.3:a:gnupg:gnupg:0.2.13
  • GnuPG (GNU Privacy Guard) 0.2.14
    cpe:2.3:a:gnupg:gnupg:0.2.14
  • GnuPG (Privacy Guard) 0.2.15
    cpe:2.3:a:gnupg:gnupg:0.2.15
  • GnuPG (Privacy Guard) 0.2.16
    cpe:2.3:a:gnupg:gnupg:0.2.16
  • GnuPG (Privacy Guard) 0.2.17
    cpe:2.3:a:gnupg:gnupg:0.2.17
  • GnuPG (Privacy Guard) 0.2.18
    cpe:2.3:a:gnupg:gnupg:0.2.18
  • GnuPG (Privacy Guard) 0.2.19
    cpe:2.3:a:gnupg:gnupg:0.2.19
  • GnuPG (Privacy Guard) 0.3.0
    cpe:2.3:a:gnupg:gnupg:0.3.0
  • GnuPG (Privacy Guard) 0.3.1
    cpe:2.3:a:gnupg:gnupg:0.3.1
  • GnuPG (Privacy Guard) 0.3.2
    cpe:2.3:a:gnupg:gnupg:0.3.2
  • GnuPG (Privacy Guard) 0.3.3
    cpe:2.3:a:gnupg:gnupg:0.3.3
  • GnuPG (Privacy Guard) 0.3.4
    cpe:2.3:a:gnupg:gnupg:0.3.4
  • GnuPG (Privacy Guard) 0.3.5
    cpe:2.3:a:gnupg:gnupg:0.3.5
  • GnuPG (Privacy Guard) 0.4.0
    cpe:2.3:a:gnupg:gnupg:0.4.0
  • GnuPG (Privacy Guard) 0.4.1
    cpe:2.3:a:gnupg:gnupg:0.4.1
  • GnuPG (GNU Privacy Guard) 0.4.2
    cpe:2.3:a:gnupg:gnupg:0.4.2
  • GnuPG (Privacy Guard) 0.4.3
    cpe:2.3:a:gnupg:gnupg:0.4.3
  • GnuPG (Privacy Guard) 0.4.4
    cpe:2.3:a:gnupg:gnupg:0.4.4
  • GnuPG (Privacy Guard) 0.4.5
    cpe:2.3:a:gnupg:gnupg:0.4.5
  • GnuPG (Privacy Guard) 0.9.0
    cpe:2.3:a:gnupg:gnupg:0.9.0
  • GnuPG (Privacy Guard) 0.9.1
    cpe:2.3:a:gnupg:gnupg:0.9.1
  • GnuPG (Privacy Guard) 0.9.2
    cpe:2.3:a:gnupg:gnupg:0.9.2
  • GnuPG (Privacy Guard) 0.9.3
    cpe:2.3:a:gnupg:gnupg:0.9.3
  • GnuPG (Privacy Guard) 0.9.4
    cpe:2.3:a:gnupg:gnupg:0.9.4
  • GnuPG (Privacy Guard) 0.9.5
    cpe:2.3:a:gnupg:gnupg:0.9.5
  • GnuPG (Privacy Guard) 0.9.6
    cpe:2.3:a:gnupg:gnupg:0.9.6
  • GnuPG (Privacy Guard) 0.9.7
    cpe:2.3:a:gnupg:gnupg:0.9.7
  • GnuPG (Privacy Guard) 0.9.8
    cpe:2.3:a:gnupg:gnupg:0.9.8
  • GnuPG (Privacy Guard) 0.9.9
    cpe:2.3:a:gnupg:gnupg:0.9.9
  • GnuPG (Privacy Guard) 0.9.10
    cpe:2.3:a:gnupg:gnupg:0.9.10
  • GnuPG (Privacy Guard) 0.9.11
    cpe:2.3:a:gnupg:gnupg:0.9.11
  • GnuPG (Privacy Guard) 1.0.0
    cpe:2.3:a:gnupg:gnupg:1.0.0
  • GnuPG (Privacy Guard) 1.0.1
    cpe:2.3:a:gnupg:gnupg:1.0.1
  • GnuPG (Privacy Guard) 1.0.2
    cpe:2.3:a:gnupg:gnupg:1.0.2
  • GnuPG (Privacy Guard) 1.0.3
    cpe:2.3:a:gnupg:gnupg:1.0.3
  • GnuPG (Privacy Guard) 1.0.4
    cpe:2.3:a:gnupg:gnupg:1.0.4
  • GnuPG (Privacy Guard) 1.0.4:-:win32
    cpe:2.3:a:gnupg:gnupg:1.0.4:-:win32
  • GnuPG (Privacy Guard) 1.0.5
    cpe:2.3:a:gnupg:gnupg:1.0.5
  • GnuPG (Privacy Guard) 1.0.5:-:win32
    cpe:2.3:a:gnupg:gnupg:1.0.5:-:win32
  • GnuPG (Privacy Guard) 1.0.6
    cpe:2.3:a:gnupg:gnupg:1.0.6
  • GnuPG (Privacy Guard) 1.0.7
    cpe:2.3:a:gnupg:gnupg:1.0.7
  • GnuPG (GNU Privacy Guard) 1.1.90
    cpe:2.3:a:gnupg:gnupg:1.1.90
  • GnuPG (GNU Privacy Guard) 1.1.91
    cpe:2.3:a:gnupg:gnupg:1.1.91
  • GnuPG (GNU Privacy Guard) 1.1.92
    cpe:2.3:a:gnupg:gnupg:1.1.92
  • GnuPG (Privacy Guard) 1.2.0
    cpe:2.3:a:gnupg:gnupg:1.2.0
  • GnuPG (Privacy Guard) 1.2.1
    cpe:2.3:a:gnupg:gnupg:1.2.1
  • GnuPG (Privacy Guard) 1.2.1:windows
    cpe:2.3:a:gnupg:gnupg:1.2.1:windows
  • GnuPG (Privacy Guard) 1.2.2
    cpe:2.3:a:gnupg:gnupg:1.2.2
  • GnuPG (Privacy Guard) 1.2.3
    cpe:2.3:a:gnupg:gnupg:1.2.3
  • GnuPG (Privacy Guard) 1.2.4
    cpe:2.3:a:gnupg:gnupg:1.2.4
  • GnuPG (Privacy Guard) 1.2.5
    cpe:2.3:a:gnupg:gnupg:1.2.5
  • GnuPG (Privacy Guard) 1.2.6
    cpe:2.3:a:gnupg:gnupg:1.2.6
  • GnuPG (Privacy Guard) 1.2.7
    cpe:2.3:a:gnupg:gnupg:1.2.7
  • GnuPG (GNU Privacy Guard) 1.2.8
    cpe:2.3:a:gnupg:gnupg:1.2.8
  • GnuPG (Privacy Guard) 1.3.0
    cpe:2.3:a:gnupg:gnupg:1.3.0
  • GnuPG (Privacy Guard) 1.3.1
    cpe:2.3:a:gnupg:gnupg:1.3.1
  • GnuPG (Privacy Guard) 1.3.2
    cpe:2.3:a:gnupg:gnupg:1.3.2
  • GnuPG (Privacy Guard) 1.3.3
    cpe:2.3:a:gnupg:gnupg:1.3.3
  • GnuPG (Privacy Guard) 1.3.4
    cpe:2.3:a:gnupg:gnupg:1.3.4
  • GnuPG (Privacy Guard) 1.3.6
    cpe:2.3:a:gnupg:gnupg:1.3.6
  • GnuPG (Privacy Guard) 1.3.90
    cpe:2.3:a:gnupg:gnupg:1.3.90
  • GnuPG (Privacy Guard) 1.3.91
    cpe:2.3:a:gnupg:gnupg:1.3.91
  • GnuPG (Privacy Guard) 1.3.92
    cpe:2.3:a:gnupg:gnupg:1.3.92
  • GnuPG (Privacy Guard) 1.3.93
    cpe:2.3:a:gnupg:gnupg:1.3.93
  • GnuPG (Privacy Guard) 1.4.0
    cpe:2.3:a:gnupg:gnupg:1.4.0
  • GnuPG (GNU Privacy Guard) 1.4.1
    cpe:2.3:a:gnupg:gnupg:1.4.1
  • GnuPG (Privacy Guard) 1.4.2
    cpe:2.3:a:gnupg:gnupg:1.4.2
  • GnuPG (Privacy Guard) 1.4.3
    cpe:2.3:a:gnupg:gnupg:1.4.3
  • GnuPG (Privacy Guard) 1.4.4
    cpe:2.3:a:gnupg:gnupg:1.4.4
  • GnuPG (Privacy Guard) 1.4.5
    cpe:2.3:a:gnupg:gnupg:1.4.5
  • GnuPG (GNU Privacy Guard) 1.4.6
    cpe:2.3:a:gnupg:gnupg:1.4.6
  • GnuPG (GNU Privacy Guard) 1.4.7
    cpe:2.3:a:gnupg:gnupg:1.4.7
  • GnuPG (Privacy Guard) 1.4.8
    cpe:2.3:a:gnupg:gnupg:1.4.8
  • GnuPG (GNU Privacy Guard) 1.4.9
    cpe:2.3:a:gnupg:gnupg:1.4.9
  • GnuPG (Privacy Guard) 1.4.10
    cpe:2.3:a:gnupg:gnupg:1.4.10
  • GnuPG (Privacy Guard) 1.4.11
    cpe:2.3:a:gnupg:gnupg:1.4.11
  • GnuPG (Privacy Guard) 1.4.12
    cpe:2.3:a:gnupg:gnupg:1.4.12
  • GnuPG (Privacy Guard) 1.4.13
    cpe:2.3:a:gnupg:gnupg:1.4.13
  • GnuPG (Privacy Guard) 1.4.14
    cpe:2.3:a:gnupg:gnupg:1.4.14
  • GnuPG (Privacy Guard) 1.4.15
    cpe:2.3:a:gnupg:gnupg:1.4.15
  • GnuPG (Privacy Guard) 1.4.16
    cpe:2.3:a:gnupg:gnupg:1.4.16
  • GnuPG (Privacy Guard) 1.4.17
    cpe:2.3:a:gnupg:gnupg:1.4.17
  • GnuPG (GNU Privacy Guard) 1.4.18
    cpe:2.3:a:gnupg:gnupg:1.4.18
  • GnuPG (GNU Privacy Guard) 1.4.19
    cpe:2.3:a:gnupg:gnupg:1.4.19
  • GnuPG (GNU Privacy Guard) 1.4.23
    cpe:2.3:a:gnupg:gnupg:1.4.23
  • GnuPG (GNU Privacy Guard) 1.9.0
    cpe:2.3:a:gnupg:gnupg:1.9.0
  • GnuPG (GNU Privacy Guard) 1.9.1
    cpe:2.3:a:gnupg:gnupg:1.9.1
  • GnuPG (GNU Privacy Guard) 1.9.2
    cpe:2.3:a:gnupg:gnupg:1.9.2
  • GnuPG (GNU Privacy Guard) 1.9.3
    cpe:2.3:a:gnupg:gnupg:1.9.3
  • GnuPG (GNU Privacy Guard) 1.9.4
    cpe:2.3:a:gnupg:gnupg:1.9.4
  • GnuPG (GNU Privacy Guard) 1.9.5
    cpe:2.3:a:gnupg:gnupg:1.9.5
  • GnuPG (GNU Privacy Guard) 1.9.6
    cpe:2.3:a:gnupg:gnupg:1.9.6
  • GnuPG (GNU Privacy Guard) 1.9.7
    cpe:2.3:a:gnupg:gnupg:1.9.7
  • GnuPG (GNU Privacy Guard) 1.9.8
    cpe:2.3:a:gnupg:gnupg:1.9.8
  • GnuPG (GNU Privacy Guard) 1.9.9
    cpe:2.3:a:gnupg:gnupg:1.9.9
  • GnuPG (GNU Privacy Guard) 1.9.10
    cpe:2.3:a:gnupg:gnupg:1.9.10
  • GnuPG (GNU Privacy Guard) 1.9.11
    cpe:2.3:a:gnupg:gnupg:1.9.11
  • GnuPG (GNU Privacy Guard) 1.9.12
    cpe:2.3:a:gnupg:gnupg:1.9.12
  • GnuPG (GNU Privacy Guard) 1.9.13
    cpe:2.3:a:gnupg:gnupg:1.9.13
  • GnuPG (GNU Privacy Guard) 1.9.14
    cpe:2.3:a:gnupg:gnupg:1.9.14
  • GnuPG (GNU Privacy Guard) 1.9.15
    cpe:2.3:a:gnupg:gnupg:1.9.15
  • GnuPG (Privacy Guard) 1.9.16
    cpe:2.3:a:gnupg:gnupg:1.9.16
  • GnuPG (Privacy Guard) 1.9.17
    cpe:2.3:a:gnupg:gnupg:1.9.17
  • GnuPG (GNU Privacy Guard) 1.9.18
    cpe:2.3:a:gnupg:gnupg:1.9.18
  • GnuPG (Privacy Guard) 1.9.19
    cpe:2.3:a:gnupg:gnupg:1.9.19
  • GnuPG (Privacy Guard) 1.9.20
    cpe:2.3:a:gnupg:gnupg:1.9.20
  • GnuPG (GNU Privacy Guard) 1.9.21
    cpe:2.3:a:gnupg:gnupg:1.9.21
  • GnuPG (GNU Privacy Guard) 1.9.22
    cpe:2.3:a:gnupg:gnupg:1.9.22
  • GnuPG (GNU Privacy Guard) 1.9.23
    cpe:2.3:a:gnupg:gnupg:1.9.23
  • GnuPG (GNU Privacy Guard) 1.9.90
    cpe:2.3:a:gnupg:gnupg:1.9.90
  • GnuPG (GNU Privacy Guard) 1.9.91
    cpe:2.3:a:gnupg:gnupg:1.9.91
  • GnuPG (Privacy Guard) 1.9.92
    cpe:2.3:a:gnupg:gnupg:1.9.92
  • GnuPG (GNU Privacy Guard) 1.9.93
    cpe:2.3:a:gnupg:gnupg:1.9.93
  • GnuPG (GNU Privacy Guard) 1.9.94
    cpe:2.3:a:gnupg:gnupg:1.9.94
  • GnuPG (GNU Privacy Guard) 1.9.95
    cpe:2.3:a:gnupg:gnupg:1.9.95
  • GnuPG (Privacy Guard) 2.0
    cpe:2.3:a:gnupg:gnupg:2.0
  • GnuPG (GNU Privacy Guard) 2.0.0
    cpe:2.3:a:gnupg:gnupg:2.0.0
  • GnuPG (Privacy Guard) 2.0.1
    cpe:2.3:a:gnupg:gnupg:2.0.1
  • GnuPG (GNU Privacy Guard) 2.0.2
    cpe:2.3:a:gnupg:gnupg:2.0.2
  • GnuPG (Privacy Guard) 2.0.3
    cpe:2.3:a:gnupg:gnupg:2.0.3
  • GnuPG (Privacy Guard) 2.0.4
    cpe:2.3:a:gnupg:gnupg:2.0.4
  • GnuPG (Privacy Guard) 2.0.5
    cpe:2.3:a:gnupg:gnupg:2.0.5
  • GnuPG (Privacy Guard) 2.0.6
    cpe:2.3:a:gnupg:gnupg:2.0.6
  • GnuPG (Privacy Guard) 2.0.7
    cpe:2.3:a:gnupg:gnupg:2.0.7
  • GnuPG (Privacy Guard) 2.0.8
    cpe:2.3:a:gnupg:gnupg:2.0.8
  • GnuPG (GNU Privacy Guard) 2.0.9
    cpe:2.3:a:gnupg:gnupg:2.0.9
  • GnuPG (Privacy Guard) 2.0.10
    cpe:2.3:a:gnupg:gnupg:2.0.10
  • GnuPG (Privacy Guard) 2.0.11
    cpe:2.3:a:gnupg:gnupg:2.0.11
  • GnuPG (Privacy Guard) 2.0.12
    cpe:2.3:a:gnupg:gnupg:2.0.12
  • GnuPG (Privacy Guard) 2.0.13
    cpe:2.3:a:gnupg:gnupg:2.0.13
  • GnuPG (Privacy Guard) 2.0.14
    cpe:2.3:a:gnupg:gnupg:2.0.14
  • GnuPG (Privacy Guard) 2.0.15
    cpe:2.3:a:gnupg:gnupg:2.0.15
  • GnuPG (Privacy Guard) 2.0.16
    cpe:2.3:a:gnupg:gnupg:2.0.16
  • GnuPG (Privacy Guard) 2.0.17
    cpe:2.3:a:gnupg:gnupg:2.0.17
  • GnuPG (Privacy Guard) 2.0.18
    cpe:2.3:a:gnupg:gnupg:2.0.18
  • GnuPG (Privacy Guard) 2.0.19
    cpe:2.3:a:gnupg:gnupg:2.0.19
  • GnuPG (Privacy Guard) 2.0.20
    cpe:2.3:a:gnupg:gnupg:2.0.20
  • GnuPG (Privacy Guard) 2.0.21
    cpe:2.3:a:gnupg:gnupg:2.0.21
  • GnuPG (Privacy Guard) 2.0.22
    cpe:2.3:a:gnupg:gnupg:2.0.22
  • GnuPG (Privacy Guard) 2.0.23
    cpe:2.3:a:gnupg:gnupg:2.0.23
  • GnuPG (Privacy Guard) 2.0.24
    cpe:2.3:a:gnupg:gnupg:2.0.24
  • GnuPG (GNU Privacy Guard) 2.0.25
    cpe:2.3:a:gnupg:gnupg:2.0.25
  • GnuPG (GNU Privacy Guard) 2.0.26
    cpe:2.3:a:gnupg:gnupg:2.0.26
  • GnuPG (GNU Privacy Guard) 2.0.27
    cpe:2.3:a:gnupg:gnupg:2.0.27
  • GnuPG (GNU Privacy Guard) 2.0.28
    cpe:2.3:a:gnupg:gnupg:2.0.28
  • GnuPG (GNU Privacy Guard) 2.1.0
    cpe:2.3:a:gnupg:gnupg:2.1.0
  • GnuPG (Privacy Guard) 2.1.0 beta1
    cpe:2.3:a:gnupg:gnupg:2.1.0:beta1
  • GnuPG (GNU Privacy Guard) 2.1.1
    cpe:2.3:a:gnupg:gnupg:2.1.1
  • GnuPG (GNU Privacy Guard) 2.1.2
    cpe:2.3:a:gnupg:gnupg:2.1.2
  • GnuPG (GNU Privacy Guard) 2.1.3
    cpe:2.3:a:gnupg:gnupg:2.1.3
  • GnuPG (GNU Privacy Guard) 2.1.4
    cpe:2.3:a:gnupg:gnupg:2.1.4
  • GnuPG (GNU Privacy Guard) 2.1.5
    cpe:2.3:a:gnupg:gnupg:2.1.5
  • GnuPG (GNU Privacy Guard) 2.1.6
    cpe:2.3:a:gnupg:gnupg:2.1.6
  • GnuPG (GNU Privacy Guard) 2.1.7
    cpe:2.3:a:gnupg:gnupg:2.1.7
  • GnuPG (GNU Privacy Guard) 2.1.8
    cpe:2.3:a:gnupg:gnupg:2.1.8
  • GnuPG (GNU Privacy Guard) 2.1.9
    cpe:2.3:a:gnupg:gnupg:2.1.9
  • GnuPG (GNU Privacy Guard) 2.1.10
    cpe:2.3:a:gnupg:gnupg:2.1.10
  • GnuPG (GNU Privacy Guard) 2.1.11
    cpe:2.3:a:gnupg:gnupg:2.1.11
  • GnuPG (GNU Privacy Guard) 2.1.12
    cpe:2.3:a:gnupg:gnupg:2.1.12
  • GnuPG (GNU Privacy Guard) 2.1.13
    cpe:2.3:a:gnupg:gnupg:2.1.13
  • GnuPG (GNU Privacy Guard) 2.1.14
    cpe:2.3:a:gnupg:gnupg:2.1.14
  • GnuPG (GNU Privacy Guard) 2.1.15
    cpe:2.3:a:gnupg:gnupg:2.1.15
  • GnuPG (GNU Privacy Guard) 2.1.16
    cpe:2.3:a:gnupg:gnupg:2.1.16
  • GnuPG (GNU Privacy Guard) 2.1.17
    cpe:2.3:a:gnupg:gnupg:2.1.17
  • GnuPG (GNU Privacy Guard) 2.1.18
    cpe:2.3:a:gnupg:gnupg:2.1.18
  • GnuPG (GNU Privacy Guard) 2.1.19
    cpe:2.3:a:gnupg:gnupg:2.1.19
  • GnuPG (GNU Privacy Guard) 2.1.20
    cpe:2.3:a:gnupg:gnupg:2.1.20
  • GnuPG (GNU Privacy Guard) 2.1.21
    cpe:2.3:a:gnupg:gnupg:2.1.21
  • GnuPG (GNU Privacy Guard) 2.1.22
    cpe:2.3:a:gnupg:gnupg:2.1.22
  • GnuPG (GNU Privacy Guard) 2.2.0
    cpe:2.3:a:gnupg:gnupg:2.2.0
  • GnuPG (GNU Privacy Guard) 2.2.1
    cpe:2.3:a:gnupg:gnupg:2.2.1
  • GnuPG (GNU Privacy Guard) 2.2.2
    cpe:2.3:a:gnupg:gnupg:2.2.2
  • GnuPG (GNU Privacy Guard) 2.2.3
    cpe:2.3:a:gnupg:gnupg:2.2.3
  • GnuPG (GNU Privacy Guard) 2.2.4
    cpe:2.3:a:gnupg:gnupg:2.2.4
  • GnuPG (GNU Privacy Guard) 2.2.5
    cpe:2.3:a:gnupg:gnupg:2.2.5
  • GnuPG (GNU Privacy Guard) 2.2.6
    cpe:2.3:a:gnupg:gnupg:2.2.6
  • GnuPG (GNU Privacy Guard) 2.2.7
    cpe:2.3:a:gnupg:gnupg:2.2.7
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-706
CAPEC
  • Leveraging/Manipulating Configuration File Search Paths
    This attack loads a malicious resource into a program's standard path used to bootstrap and/or provide contextual information for a program like a path variable or classpath. J2EE applications and other component based applications that are built from multiple binaries can have very long list of dependencies to execute. If one of these libraries and/or references is controllable by the attacker then application controls can be circumvented by the attacker. A standard UNIX path looks similar to this If the attacker modifies the path variable to point to a locale that includes malicious resources then the user unwittingly can execute commands on the attackers' behalf: This is a form of usurping control of the program and the attack can be done on the classpath, database resources, or any other resources built from compound parts. At runtime detection and blocking of this attack is nearly impossible, because the configuration allows execution.
  • DLL Search Order Hijacking
    The attacker exploits the functionality of the Windows DLL loader where the process loading the DLL searches for the DLL to be loaded first in the same directory in which the process binary resides and then in other directories (e.g., System32). Exploitation of this preferential search order can allow an attacker to make the loading process load the attackers' rogue DLL rather than the legitimate DLL. For instance, an attacker with access to the file system may place a malicious ntshrui.dll in the C:\Windows directory. This DLL normally resides in the System32 folder. Process explorer.exe which also resides in C:\Windows, upon trying to load the ntshrui.dll from the System32 folder will actually load the DLL supplied by the attacker simply because of the preferential search order. Since the attacker has placed its malicious ntshrui.dll in the same directory as the loading explorer.exe process, the DLL supplied by the attacker will be found first and thus loaded in lieu of the legitimate DLL. Since explorer.exe is loaded during the boot cycle, the attackers' malware is guaranteed to execute. This attack can be leveraged with many different DLLs and with many different loading processes. No forensic trails are left in the system's registry or file system that an incorrect DLL had been loaded.
  • Passing Local Filenames to Functions That Expect a URL
    This attack relies on client side code to access local files and resources instead of URLs. When the client browser is expecting a URL string, but instead receives a request for a local file, that execution is likely to occur in the browser process space with the browser's authority to local files. The attacker can send the results of this request to the local files out to a site that they control. This attack may be used to steal sensitive authentication data (either local or remote), or to gain system profile information to launch further attacks.
nessus via4
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2018-0239.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2018-12020 - missing sanitization of original filename
    last seen 2019-02-21
    modified 2018-09-05
    plugin id 111049
    published 2018-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111049
    title OracleVM 3.3 / 3.4 : gnupg2 (OVMSA-2018-0239)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3675-1.NASL
    description Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the status of the cryptographic operation reported by GnuPG. (CVE-2018-12020) Lance Vick discovered that GnuPG did not enforce configurations where key certification required an offline master Certify key. An attacker with access to a signing subkey could generate certifications that appeared to be valid. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-9234). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 110475
    published 2018-06-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110475
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : gnupg, gnupg2 vulnerabilities (USN-3675-1)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1223.NASL
    description According to the version of the gnupg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output. (CVE-2018-12020) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 111643
    published 2018-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111643
    title EulerOS 2.0 SP3 : gnupg2 (EulerOS-SA-2018-1223)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-69780FC4D7.NASL
    description - New upstream v1.4.23 (#1589802,#1589620,#1589624) - Remove patches included in upstream release - Note that this includes the fix for [CVE-2018-12020] ---- - doc Remove documentation for future option faked sys - build Don't use dev srandom on OpenBSD - Do not use C99 feature - g10 Fix regexp sanitization - g10 Push compress filter only if compressed - gpg Sanitize diagnostic with the original file name [CVE-2018-12020] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-09-05
    plugin id 110931
    published 2018-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110931
    title Fedora 27 : gnupg (2018-69780fc4d7)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-2180.NASL
    description From Red Hat Security Advisory 2018:2180 : An update for gnupg2 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fix(es) : * gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen 2019-02-21
    modified 2018-09-05
    plugin id 111024
    published 2018-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111024
    title Oracle Linux 6 : gnupg2 (ELSA-2018-2180)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1698-1.NASL
    description This update for gpg2 fixes the following security issue : - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the '--status-fd 2' option (bsc#1096745) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 110595
    published 2018-06-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110595
    title SUSE SLED12 / SLES12 Security Update : gpg2 (SUSE-SU-2018:1698-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4224.NASL
    description Marcus Brinkmann discovered that GnuPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email. Details can be found in the upstream advisory at https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 110423
    published 2018-06-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110423
    title Debian DSA-4224-1 : gnupg - security update
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1698-2.NASL
    description This update for gpg2 fixes the following security issue : CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the '--status-fd 2' option (bsc#1096745) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 118265
    published 2018-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118265
    title SUSE SLES12 Security Update : gpg2 (SUSE-SU-2018:1698-2)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1324.NASL
    description According to the version of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output. (CVE-2018-12020) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 118412
    published 2018-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118412
    title EulerOS Virtualization 2.5.1 : gnupg2 (EulerOS-SA-2018-1324)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-646.NASL
    description This update for python-python-gnupg to version 0.4.3 fixes the following issues : The following security vulnerabilities were addressed : - Sanitize diagnostic output of the original file name in verbose mode (CVE-2018-12020 boo#1096745) The following other changes were made : - Add --no-verbose to the gpg command line, in case verbose is specified in gpg.conf. - Add expect_passphrase password for use on GnuPG >= 2.1 when passing passphrase to gpg via pinentry - Provide a trust_keys method to allow setting the trust level for keys - When the gpg executable is not found, note the path used in the exception message - Make error messages more informational
    last seen 2019-02-21
    modified 2018-09-06
    plugin id 110591
    published 2018-06-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110591
    title openSUSE Security Update : python-python-gnupg (openSUSE-2018-646)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-3DC16842E2.NASL
    description Important security update to new upstream gnupg version 2.2.8 and libgpg-error 1.31 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120365
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120365
    title Fedora 28 : gnupg2 / libgpg-error (2018-3dc16842e2)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-2181.NASL
    description An update for gnupg2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fix(es) : * gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 111079
    published 2018-07-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111079
    title CentOS 7 : gnupg2 (CESA-2018:2181)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-2180.NASL
    description An update for gnupg2 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fix(es) : * gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 111033
    published 2018-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111033
    title RHEL 6 : gnupg2 (RHSA-2018:2180)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2018-170-01.NASL
    description New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
    last seen 2019-02-21
    modified 2018-09-06
    plugin id 110619
    published 2018-06-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110619
    title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : gnupg (SSA:2018-170-01)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-2181.NASL
    description From Red Hat Security Advisory 2018:2181 : An update for gnupg2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fix(es) : * gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen 2019-02-21
    modified 2018-09-05
    plugin id 111025
    published 2018-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111025
    title Oracle Linux 7 : gnupg2 (ELSA-2018-2181)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2018-159-01.NASL
    description New gnupg2 packages are available for Slackware 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
    last seen 2019-02-21
    modified 2018-09-06
    plugin id 110432
    published 2018-06-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110432
    title Slackware 13.37 / 14.0 / 14.1 / 14.2 / current : gnupg2 (SSA:2018-159-01)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-640.NASL
    description This update for gpg2 fixes the following security issue : - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the '--status-fd 2' option (bsc#1096745)
    last seen 2019-02-21
    modified 2018-09-06
    plugin id 110589
    published 2018-06-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110589
    title openSUSE Security Update : gpg2 (openSUSE-2018-640)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1333.NASL
    description According to the version of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output. (CVE-2018-12020) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 118421
    published 2018-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118421
    title EulerOS Virtualization 2.5.0 : gnupg2 (EulerOS-SA-2018-1333)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20180712_GNUPG2_ON_SL7_X.NASL
    description Security Fix(es) : - gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 111113
    published 2018-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111113
    title Scientific Linux Security Update : gnupg2 on SL7.x x86_64
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1221.NASL
    description According to the version of the gnupg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output. (CVE-2018-12020) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 111183
    published 2018-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111183
    title EulerOS 2.0 SP2 : gnupg2 (EulerOS-SA-2018-1221)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1814-1.NASL
    description This update for gpg2 fixes the following security issue : - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the '--status-fd 2' option (bsc#1096745). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 120025
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120025
    title SUSE SLED15 / SLES15 Security Update : gpg2 (SUSE-SU-2018:1814-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4222.NASL
    description Marcus Brinkmann discovered that GnuPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email. Details can be found in the upstream advisory at https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 110421
    published 2018-06-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110421
    title Debian DSA-4222-1 : gnupg2 - security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-A4E13742B4.NASL
    description - New upstream v1.4.23 (#1589802,#1589620,#1589624) - Remove patches included in upstream release - Note that this includes the fix for [CVE-2018-12020] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120670
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120670
    title Fedora 28 : gnupg (2018-a4e13742b4)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_7DA0417F6B2411E884CC002590ACAE31.NASL
    description GnuPG reports : GnuPG did not sanitize input file names, which may then be output to the terminal. This could allow terminal control sequences or fake status messages to be injected into the output.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 110430
    published 2018-06-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110430
    title FreeBSD : gnupg -- unsanitized output (CVE-2018-12020) (7da0417f-6b24-11e8-84cc-002590acae31)
  • NASL family Junos Local Security Checks
    NASL id JUNIPER_SPACE_JSA10917_184R1.NASL
    description According to its self-reported version number, the remote Junos Space version is 18.4.x prior to 18.4R1. It is, therefore, affected by multiple vulnerabilities : - An integer overflow issue exists in procps-ng. This is related to CVE-2018-1124. (CVE-2018-1126) - A directory traversal issue exists in reposync, a part of yum-utils.tory configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. (CVE-2018-10897) - An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID binary could use this flaw to escalate their privileges on the system. (CVE-2018-14634) Additionally, Junos Space is affected by several other vulnerabilities as noted in the vendor advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-10
    plugin id 121068
    published 2019-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121068
    title Juniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-2180.NASL
    description An update for gnupg2 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fix(es) : * gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 111078
    published 2018-07-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111078
    title CentOS 6 : gnupg2 (CESA-2018:2180)
  • NASL family Amazon Linux Local Security Checks
    NASL id AL2_ALAS-2018-1045.NASL
    description A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output. (CVE-2018-12020)
    last seen 2019-02-21
    modified 2018-08-31
    plugin id 111605
    published 2018-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111605
    title Amazon Linux 2 : gnupg2 (ALAS-2018-1045)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-630.NASL
    description This update for enigmail fixes vulnerabilities that allowed spoofing of e-mail signatures : - CVE-2018-12019: signature spoofing via specially crafted OpenPGP user IDs (boo#1097525) - CVE-2018-12020: signature spoofing via diagnostic output of the original file name in GnuPG verbose mode (boo#1096745) This mitigation prevents CVE-2018-12020 from being exploited even if GnuPG is not patched.
    last seen 2019-02-21
    modified 2018-09-06
    plugin id 110586
    published 2018-06-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110586
    title openSUSE Security Update : enigmail (openSUSE-2018-630)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-4EF71D3525.NASL
    description - doc Remove documentation for future option faked sys - build Don't use dev srandom on OpenBSD - Do not use C99 feature - g10 Fix regexp sanitization - g10 Push compress filter only if compressed - gpg Sanitize diagnostic with the original file name [CVE-2018-12020] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120411
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120411
    title Fedora 28 : gnupg (2018-4ef71d3525)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1696-1.NASL
    description This update for gpg2 fixes the following issues : - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the '--status-fd 2' option (bsc#1096745) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 110594
    published 2018-06-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110594
    title SUSE SLES11 Security Update : gpg2 (SUSE-SU-2018:1696-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-2181.NASL
    description An update for gnupg2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fix(es) : * gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 111034
    published 2018-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111034
    title RHEL 7 : gnupg2 (RHSA-2018:2181)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-84FDBD021F.NASL
    description Important security update to new upstream gnupg version 2.2.8 and libgpg-error 1.31 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-09-05
    plugin id 110598
    published 2018-06-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110598
    title Fedora 27 : gnupg2 / libgpg-error (2018-84fdbd021f)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3675-2.NASL
    description USN-3675-1 fixed a vulnerability in GnuPG 2 for Ubuntu 18.04 LTS and Ubuntu 17.10. This update provides the corresponding update for GnuPG 2 in Ubuntu 16.04 LTS and Ubuntu 14.04 LTS. Original advisory details : Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the status of the cryptographic operation reported by GnuPG. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 110549
    published 2018-06-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110549
    title Ubuntu 14.04 LTS / 16.04 LTS : gnupg2 vulnerability (USN-3675-2)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-1045.NASL
    description A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output. (CVE-2018-12020)
    last seen 2019-02-21
    modified 2018-08-31
    plugin id 110784
    published 2018-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110784
    title Amazon Linux AMI : gnupg / gnupg2 (ALAS-2018-1045)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20180712_GNUPG2_ON_SL6_X.NASL
    description Security Fix(es) : - gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 111050
    published 2018-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111050
    title Scientific Linux Security Update : gnupg2 on SL6.x i386/x86_64
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4223.NASL
    description Marcus Brinkmann discovered that GnuPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email. Details can be found in the upstream advisory at https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 110422
    published 2018-06-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110422
    title Debian DSA-4223-1 : gnupg1 - security update
redhat via4
advisories
  • bugzilla
    id 1589620
    title CVE-2018-12020 gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment gnupg2 is earlier than 0:2.0.14-9.el6_10
          oval oval:com.redhat.rhsa:tst:20182180007
        • comment gnupg2 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131459006
      • AND
        • comment gnupg2-smime is earlier than 0:2.0.14-9.el6_10
          oval oval:com.redhat.rhsa:tst:20182180005
        • comment gnupg2-smime is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131459008
    rhsa
    id RHSA-2018:2180
    released 2018-07-11
    severity Important
    title RHSA-2018:2180: gnupg2 security update (Important)
  • bugzilla
    id 1589620
    title CVE-2018-12020 gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
    • OR
      • AND
        • comment gnupg2 is earlier than 0:2.0.22-5.el7_5
          oval oval:com.redhat.rhsa:tst:20182181007
        • comment gnupg2 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131459006
      • AND
        • comment gnupg2-smime is earlier than 0:2.0.22-5.el7_5
          oval oval:com.redhat.rhsa:tst:20182181005
        • comment gnupg2-smime is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131459008
    rhsa
    id RHSA-2018:2181
    released 2018-07-11
    severity Important
    title RHSA-2018:2181: gnupg2 security update (Important)
rpms
  • gnupg2-0:2.0.14-9.el6_10
  • gnupg2-smime-0:2.0.14-9.el6_10
  • gnupg2-0:2.0.22-5.el7_5
  • gnupg2-smime-0:2.0.22-5.el7_5
refmap via4
bid 104450
confirm https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
debian
  • DSA-4222
  • DSA-4223
  • DSA-4224
fulldisc 20190430 OpenPGP and S/MIME signature forgery attacks in multiple email clients
misc
mlist [oss-security] 20190430 Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients)
sectrack 1041051
ubuntu
  • USN-3675-1
  • USN-3675-2
  • USN-3675-3
  • USN-3964-1
the hacker news via4
id THN:7AF4F467FCD2B758CD46FDBECE48E35F
last seen 2018-06-15
modified 2018-06-15
published 2018-06-15
reporter Swati Khandelwal
source https://thehackernews.com/2018/06/gnupg-encryption-signature.html
title GnuPG Flaw in Encryption Tools Lets Attackers Spoof Anyone's Signature
Last major update 08-06-2018 - 17:29
Published 08-06-2018 - 17:29
Last modified 02-10-2019 - 20:03