Executive Summary
Information | |||
---|---|---|---|
Name | MDVSA-2010:143 | First vendor Publication | 2010-07-28 |
Vendor | Mandriva | Last vendor Modification | 2010-07-28 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 5.1 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | High |
Cvss Exploit Score | 4.9 | Authentication | None Required |
Detail
A vulnerability has been discovered and corrected in gnupg2:
Importing a certificate with more than 98 Subject Alternate Names via GPGSM's import command, or implicitly while verifying a signature, causes GPGSM to reallocate the array holding the names. The bug is that the reallocation code fails to assign the reallocated array to the old array variable, so the old, freed array continues to be used. Usually this leads to a segv (CVE-2010-2547).
Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2010:143 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-416 | Use After Free |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11631 | |||
Oval ID: | oval:org.mitre.oval:def:11631 | ||
Title: | DSA-2076 gnupg2 -- use-after-free | ||
Description: | It was discovered that GnuPG 2 uses a freed pointer when verifying a signature or importing a certificate with many Subject Alternate Names, potentially leading to arbitrary code execution. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2076 CVE-2010-2547 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | gnupg2 |
Definition Id: oval:org.mitre.oval:def:13159 | |||
Oval ID: | oval:org.mitre.oval:def:13159 | ||
Title: | USN-970-1 -- gnupg2 vulnerability | ||
Description: | It was discovered that GPGSM in GnuPG2 did not correctly handle certificates with a large number of Subject Alternate Names. If a user or automated system were tricked into processing a specially crafted certificate, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-970-1 CVE-2010-2547 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 10.04 Ubuntu 9.04 Ubuntu 9.10 | Product(s): | gnupg2 |
Definition Id: oval:org.mitre.oval:def:20091 | |||
Oval ID: | oval:org.mitre.oval:def:20091 | ||
Title: | DSA-2076-1 gnupg2 - execution of arbitrary code | ||
Description: | It was discovered that GnuPG 2 uses a freed pointer when verifying a signature or importing a certificate with many Subject Alternate Names, potentially leading to arbitrary code execution. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2076-1 CVE-2010-2547 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | gnupg2 |
Definition Id: oval:org.mitre.oval:def:22297 | |||
Oval ID: | oval:org.mitre.oval:def:22297 | ||
Title: | RHSA-2010:0603: gnupg2 security update (Moderate) | ||
Description: | Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0603-01 CESA-2010:0603 CVE-2010-2547 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | gnupg2 |
Definition Id: oval:org.mitre.oval:def:22992 | |||
Oval ID: | oval:org.mitre.oval:def:22992 | ||
Title: | ELSA-2010:0603: gnupg2 security update (Moderate) | ||
Description: | Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0603-01 CVE-2010-2547 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | gnupg2 |
Definition Id: oval:org.mitre.oval:def:27257 | |||
Oval ID: | oval:org.mitre.oval:def:27257 | ||
Title: | DEPRECATED: ELSA-2010-0603 -- gnupg2 security update (moderate) | ||
Description: | [2.0.10-3.1] - fix use after free when importing certain X509 certificates CVE-2010-2547 (#618156) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0603 CVE-2010-2547 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | gnupg2 |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-15 (GnuPG) File : nvt/glsa_201110_15.nasl |
2011-08-09 | Name : CentOS Update for gnupg2 CESA-2010:0603 centos5 i386 File : nvt/gb_CESA-2010_0603_gnupg2_centos5_i386.nasl |
2010-08-21 | Name : Debian Security Advisory DSA 2076-1 (gnupg2) File : nvt/deb_2076_1.nasl |
2010-08-20 | Name : Fedora Update for gnupg2 FEDORA-2010-11382 File : nvt/gb_fedora_2010_11382_gnupg2_fc12.nasl |
2010-08-13 | Name : Ubuntu Update for gnupg2 vulnerability USN-970-1 File : nvt/gb_ubuntu_USN_970_1.nasl |
2010-08-06 | Name : RedHat Update for gnupg2 RHSA-2010:0603-01 File : nvt/gb_RHSA-2010_0603-01_gnupg2.nasl |
2010-08-06 | Name : Fedora Update for gnupg2 FEDORA-2010-11413 File : nvt/gb_fedora_2010_11413_gnupg2_fc13.nasl |
2010-08-02 | Name : Mandriva Update for gnupg2 MDVSA-2010:143 (gnupg2) File : nvt/gb_mandriva_MDVSA_2010_143.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-240-01 gnupg2 File : nvt/esoft_slk_ssa_2010_240_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
66624 | GnuPG GPGSM kbx/keybox-blob.c Crafted Certificate Use-after-free Arbitrary Co... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_gpg2-100728.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0603.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100804_gnupg2_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2011-10-24 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-15.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_gpg2-100728.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gpg2-7107.nasl - Type : ACT_GATHER_INFO |
2010-08-29 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-240-01.nasl - Type : ACT_GATHER_INFO |
2010-08-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-970-1.nasl - Type : ACT_GATHER_INFO |
2010-08-09 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0603.nasl - Type : ACT_GATHER_INFO |
2010-08-06 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_gpg2-100728.nasl - Type : ACT_GATHER_INFO |
2010-08-06 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_gpg2-100728.nasl - Type : ACT_GATHER_INFO |
2010-08-05 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0603.nasl - Type : ACT_GATHER_INFO |
2010-08-03 | Name : The remote Fedora host is missing a security update. File : fedora_2010-11413.nasl - Type : ACT_GATHER_INFO |
2010-08-02 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2010-143.nasl - Type : ACT_GATHER_INFO |
2010-07-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2076.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:41:36 | |