« LifeLock Identity Theft Protection Technical School »

Apr 02 2008

Profile Image of MuZumbu
MuZumbu

Moderately critical vulnerability in GnuPG

Posted at 10:01 am under Secunia

Secunia Advisory: SA29568
Release Date: 2008-04-01
Critical:
Moderately critical
Impact: DoS
System access
Where: From remote
Solution Status: Vendor Patch
Software: GnuPG / gpg 1.4.x
GnuPG / gpg 2.x
CVE reference: CVE-2008-1530 (Secunia mirror)
Description:
A vulnerability has been reported in GnuPG, which can potentially be exploited to compromise a vulnerable system.The vulnerability is caused due to an error when importing keys with duplicated IDs. This can be exploited to cause a memory corruption when importing keys via –refresh-keys or –import.

Successful exploitation potentially allows execution of arbitrary code, but has not been proven yet.

The vulnerability is reported in version 1.4.8 and 2.0.8. Prior versions may also be affected.

Solution:
Update to version 1.4.9 or 2.0.9.
ftp://ftp.gnupg.org/gcrypt/gnupg

Provided and/or discovered by:
Andrea Barisani, oCERT

No responses yet

Trackback URI | Comments RSS

Leave a Reply

You must be logged in to post a comment.

"