FreeBSD Ports: Gnupg Network Vulnerability

Summary

The remote host is missing an update to the system as announced in the referenced advisory.

Solution

Update your system with the appropriate patches or software upgrades. http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/parse-packet.c?rev=4157&r1=4141&r2=4157 http://marc.theaimsgroup.com/?l=gnupg-users&m=115124706210430 http://marc.theaimsgroup.com/?l=full-disclosure&m=114907659313360 http://www.vuxml.org/freebsd/f900bda8-0472-11db-bbf7-000c6ec775d9.html

Insight

The following package is affected: gnupg CVE-2006-3082 parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length, which could lead to an integer overflow, as demonstrated using the --no-armor option.

Severity

Classification

CVE CVE-2006-3082
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

FreeBSD Ports: bugzilla
FreeBSD Ports: bugzilla
FreeBSD Ports: claws-mail, sylpheed-claws
FreeBSD Ports: acroread4, acroread5
FreeBSD Ports: bzip2

FreeBSD Ports: gnupg

Take action and discover your vulnerabilities