CentOS 3 / 4 : gnu / gnupg (CESA-2006:0266)

medium Nessus Plugin ID 21990

Synopsis

The remote CentOS host is missing a security update.

Description

An updated GnuPG package that fixes signature verification flaws as well as minor bugs is now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

GnuPG is a utility for encrypting data and creating digital signatures.

Tavis Ormandy discovered a bug in the way GnuPG verifies cryptographically signed data with detached signatures. It is possible for an attacker to construct a cryptographically signed message which could appear to come from a third party. When a victim processes a GnuPG message with a malformed detached signature, GnuPG ignores the malformed signature, processes and outputs the signed data, and exits with status 0, just as it would if the signature had been valid. In this case, GnuPG's exit status would not indicate that no signature verification had taken place. This issue would primarily be of concern when processing GnuPG results via an automated script. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0455 to this issue.

Tavis Ormandy also discovered a bug in the way GnuPG verifies cryptographically signed data with inline signatures. It is possible for an attacker to inject unsigned data into a signed message in such a way that when a victim processes the message to recover the data, the unsigned data is output along with the signed data, gaining the appearance of having been signed. This issue is mitigated in the GnuPG shipped with Red Hat Enterprise Linux as the --ignore-crc-error option must be passed to the gpg executable for this attack to be successful.
The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0049 to this issue.

Please note that neither of these issues affect the way RPM or up2date verify RPM package files, nor is RPM vulnerable to either of these issues.

All users of GnuPG are advised to upgrade to this updated package, which contains backported patches to correct these issues.

Solution

Update the affected gnu and / or gnupg packages.

See Also

http://www.nessus.org/u?f185875d

http://www.nessus.org/u?70960352

http://www.nessus.org/u?25970934

http://www.nessus.org/u?48ece257

Plugin Details

Severity: Medium

ID: 21990

File Name: centos_RHSA-2006-0266.nasl

Version: 1.17

Type: local

Agent: unix

Published: 7/5/2006

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:centos:centos:gnupg, cpe:/o:centos:centos:3, cpe:/o:centos:centos:4

Required KB Items: Host/local_checks_enabled, Host/CentOS/release, Host/CentOS/rpm-list

Patch Publication Date: 3/15/2006

Vulnerability Publication Date: 2/15/2006

Reference Information

CVE: CVE-2006-0049, CVE-2006-0455

RHSA: 2006:0266