Executive Summary

Informations
NameCVE-2010-2547First vendor Publication2010-08-05
VendorCveLast vendor Modification2010-12-10

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Cvss Base Score5.1Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityHigh
Cvss Expoit Score4.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2547

CWE : Common Weakness Enumeration

idName
CWE-399Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:22297
 
Oval ID: oval:org.mitre.oval:def:22297
Title: RHSA-2010:0603: gnupg2 security update (Moderate)
Description: Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.
Family: unix Class: patch
Reference(s): RHSA-2010:0603-01
CESA-2010:0603
CVE-2010-2547
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): gnupg2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20091
 
Oval ID: oval:org.mitre.oval:def:20091
Title: DSA-2076-1 gnupg2 - execution of arbitrary code
Description: It was discovered that GnuPG 2 uses a freed pointer when verifying a signature or importing a certificate with many Subject Alternate Names, potentially leading to arbitrary code execution.
Family: unix Class: patch
Reference(s): DSA-2076-1
CVE-2010-2547
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): gnupg2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13159
 
Oval ID: oval:org.mitre.oval:def:13159
Title: USN-970-1 -- gnupg2 vulnerability
Description: It was discovered that GPGSM in GnuPG2 did not correctly handle certificates with a large number of Subject Alternate Names. If a user or automated system were tricked into processing a specially crafted certificate, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.
Family: unix Class: patch
Reference(s): USN-970-1
CVE-2010-2547
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.04
Ubuntu 9.04
Ubuntu 9.10
Product(s): gnupg2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11631
 
Oval ID: oval:org.mitre.oval:def:11631
Title: DSA-2076 gnupg2 -- use-after-free
Description: It was discovered that GnuPG 2 uses a freed pointer when verifying a signature or importing a certificate with many Subject Alternate Names, potentially leading to arbitrary code execution.
Family: unix Class: patch
Reference(s): DSA-2076
CVE-2010-2547
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): gnupg2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22992
 
Oval ID: oval:org.mitre.oval:def:22992
Title: ELSA-2010:0603: gnupg2 security update (Moderate)
Description: Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.
Family: unix Class: patch
Reference(s): ELSA-2010:0603-01
CVE-2010-2547
Version: 6
Platform(s): Oracle Linux 5
Product(s): gnupg2
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application15

OpenVAS Exploits

DateDescription
2012-02-12Name : Gentoo Security Advisory GLSA 201110-15 (GnuPG)
File : nvt/glsa_201110_15.nasl
2011-08-09Name : CentOS Update for gnupg2 CESA-2010:0603 centos5 i386
File : nvt/gb_CESA-2010_0603_gnupg2_centos5_i386.nasl
2010-08-21Name : Debian Security Advisory DSA 2076-1 (gnupg2)
File : nvt/deb_2076_1.nasl
2010-08-20Name : Fedora Update for gnupg2 FEDORA-2010-11382
File : nvt/gb_fedora_2010_11382_gnupg2_fc12.nasl
2010-08-13Name : Ubuntu Update for gnupg2 vulnerability USN-970-1
File : nvt/gb_ubuntu_USN_970_1.nasl
2010-08-06Name : RedHat Update for gnupg2 RHSA-2010:0603-01
File : nvt/gb_RHSA-2010_0603-01_gnupg2.nasl
2010-08-06Name : Fedora Update for gnupg2 FEDORA-2010-11413
File : nvt/gb_fedora_2010_11413_gnupg2_fc13.nasl
2010-08-02Name : Mandriva Update for gnupg2 MDVSA-2010:143 (gnupg2)
File : nvt/gb_mandriva_MDVSA_2010_143.nasl
0000-00-00Name : Slackware Advisory SSA:2010-240-01 gnupg2
File : nvt/esoft_slk_ssa_2010_240_01.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
66624GnuPG GPGSM kbx/keybox-blob.c Crafted Certificate Use-after-free Arbitrary Co...

Nessus® Vulnerability Scanner

DateDescription
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_gpg2-100728.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2010-0603.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing a security update.
File : sl_20100804_gnupg2_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2011-10-24Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201110-15.nasl - Type : ACT_GATHER_INFO
2010-12-02Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_gpg2-100728.nasl - Type : ACT_GATHER_INFO
2010-10-11Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_gpg2-7107.nasl - Type : ACT_GATHER_INFO
2010-08-29Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2010-240-01.nasl - Type : ACT_GATHER_INFO
2010-08-12Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-970-1.nasl - Type : ACT_GATHER_INFO
2010-08-09Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0603.nasl - Type : ACT_GATHER_INFO
2010-08-06Name : The remote openSUSE host is missing a security update.
File : suse_11_2_gpg2-100728.nasl - Type : ACT_GATHER_INFO
2010-08-06Name : The remote openSUSE host is missing a security update.
File : suse_11_1_gpg2-100728.nasl - Type : ACT_GATHER_INFO
2010-08-05Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0603.nasl - Type : ACT_GATHER_INFO
2010-08-03Name : The remote Fedora host is missing a security update.
File : fedora_2010-11413.nasl - Type : ACT_GATHER_INFO
2010-08-02Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2010-143.nasl - Type : ACT_GATHER_INFO
2010-07-29Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2076.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
BIDhttp://www.securityfocus.com/bid/41945
CONFIRMhttp://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076
https://issues.rpath.com/browse/RPL-3229
DEBIANhttp://www.debian.org/security/2010/dsa-2076
FEDORAhttp://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935....
MANDRIVAhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:143
MLISThttp://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html
SECTRACKhttp://www.securitytracker.com/id?1024247
SECUNIAhttp://secunia.com/advisories/38877
http://secunia.com/advisories/40718
http://secunia.com/advisories/40841
SLACKWAREhttp://slackware.com/security/viewer.php?l=slackware-security&y=2010&...
SUSEhttp://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html
VUPENhttp://www.vupen.com/english/advisories/2010/1931
http://www.vupen.com/english/advisories/2010/1950
http://www.vupen.com/english/advisories/2010/1988
http://www.vupen.com/english/advisories/2010/2217
http://www.vupen.com/english/advisories/2010/3125

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2014-06-14 13:28:57
  • Multiple Updates
2014-02-17 10:56:14
  • Multiple Updates
2013-05-10 23:28:22
  • Multiple Updates