FreeBSD : gnupg -- buffer overflow (34c93ae8-7e6f-11db-bf00-02e081235dab)

High Nessus Plugin ID 23738


The remote FreeBSD host is missing a security-related update.


Werner Koch reports :

When running GnuPG interactively, special crafted messages may be used to crash gpg or gpg2. Running gpg in batch mode, as done by all software using gpg as a backend (e.g. mailers), is not affected by this bug.

Exploiting this overflow seems to be possible.

gpg-agent, gpgsm, gpgv or other tools from the GnuPG suite are not affected.


Update the affected package.

See Also

Plugin Details

Severity: High

ID: 23738

File Name: freebsd_pkg_34c93ae87e6f11dbbf0002e081235dab.nasl

Version: $Revision: 1.9 $

Type: local

Published: 2006/11/28

Modified: 2013/06/21

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:gnupg, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2006/11/27

Vulnerability Publication Date: 2006/11/27