This script is Copyright (C) 2006-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200612-03
(GnuPG: Multiple vulnerabilities)
Hugh Warrington has reported a boundary error in GnuPG, in the
'ask_outfile_name()' function from openfile.c: the
make_printable_string() function could return a string longer than
expected. Additionally, Tavis Ormandy of the Gentoo Security Team
reported a design error in which a function pointer can be incorrectly
A remote attacker could entice a user to interactively use GnuPG on a
crafted file and trigger the boundary error, which will result in a
buffer overflow. They could also entice a user to process a signed or
encrypted file with gpg or gpgv, possibly called through another
application like a mail client, to trigger the dereference error. Both
of these vulnerabilities would result in the execution of arbitrary
code with the permissions of the user running GnuPG. gpg-agent, gpgsm
and other tools are not affected.
There is no known workaround at this time.
See also :
All GnuPG users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '=app-crypt/gnupg-1.4*'
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.7
Public Exploit Available : false
Family: Gentoo Local Security Checks
Nessus Plugin ID: 23855 (gentoo_GLSA-200612-03.nasl)
Bugtraq ID: 21306, 21462
CVE ID: CVE-2006-6169, CVE-2006-6235