Oracle Linux 4 : gnupg (ELSA-2006-0754)

Critical Nessus Plugin ID 67429

Synopsis

The remote Oracle Linux host is missing a security update.

Description

From Red Hat Security Advisory 2006:0754 :

Updated GnuPG packages that fix two security issues are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

GnuPG is a utility for encrypting data and creating digital signatures.

Tavis Ormandy discovered a stack overwrite flaw in the way GnuPG decrypts messages. An attacker could create carefully crafted message that could cause GnuPG to execute arbitrary code if a victim attempts to decrypt the message. (CVE-2006-6235)

A heap based buffer overflow flaw was found in the way GnuPG constructs messages to be written to the terminal during an interactive session. An attacker could create a carefully crafted message which with user interaction could cause GnuPG to execute arbitrary code with the permissions of the user running GnuPG.
(CVE-2006-6169)

All users of GnuPG are advised to upgrade to this updated package, which contains a backported patch to correct these issues.

Solution

Update the affected gnupg package.

See Also

https://oss.oracle.com/pipermail/el-errata/2006-December/000032.html

Plugin Details

Severity: Critical

ID: 67429

File Name: oraclelinux_ELSA-2006-0754.nasl

Version: 1.8

Type: local

Agent: unix

Published: 2013/07/12

Updated: 2019/10/25

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:gnupg, cpe:/o:oracle:linux:4

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2006/12/11

Vulnerability Publication Date: 2006/11/29

Reference Information

CVE: CVE-2006-6169, CVE-2006-6235

BID: 21306, 21462

RHSA: 2006:0754