Conectiva Local Security Checks : Conectiva Security Advisory CLA-2001:399

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.51565

Kategorie: Conectiva Local Security Checks

Titel: Conectiva Security Advisory CLA-2001:399

Zusammenfassung: NOSUMMARY

Beschreibung: Description:

The remote host is missing updates announced in
advisory CLA-2001:399.

Gnupg is a OpenPGP-compliant tool for secure communication used to,
for example, sign emails, encrypt and decrypt sensitive data and
verify signed text.

Two vulnerabilities are being addressed with this update:

1) Versions prior to 1.0.5 have a vulnerability that would allow an
attacker to obtain the unencrypted private key of an user. In order
to do that, the attacker would have to obtain a copy of the private
key (which is encrypted), alter it in a specific way and put it back
without the user's knowledge. After that, by intercepting a message
that was signed with the replaced key, the attacker would be able to
reconstruct the private key (unencrypted). With this key, the
attacker would be able to personificate the user and be able to read
his/her encrypted mail or sign emails in his/her name.

2) Versions prior to 1.0.6 have a format string vulnerability that
allows the execution of arbitrary code just by decrypting an
encrypted file with a special filename. The flaw occurs when that
filename is printed to the screen. By using the --batch option,
this output is suppressed, and the user is then not affected. An
exploit for this flaw has already been published.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://www.securityspace.com/smysecure/catid.html?in=CLA-2001:399
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000399

Risk factor : High

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.51565
Kategorie:	Conectiva Local Security Checks
Titel:	Conectiva Security Advisory CLA-2001:399
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory CLA-2001:399. Gnupg is a OpenPGP-compliant tool for secure communication used to, for example, sign emails, encrypt and decrypt sensitive data and verify signed text. Two vulnerabilities are being addressed with this update: 1) Versions prior to 1.0.5 have a vulnerability that would allow an attacker to obtain the unencrypted private key of an user. In order to do that, the attacker would have to obtain a copy of the private key (which is encrypted), alter it in a specific way and put it back without the user's knowledge. After that, by intercepting a message that was signed with the replaced key, the attacker would be able to reconstruct the private key (unencrypted). With this key, the attacker would be able to personificate the user and be able to read his/her encrypted mail or sign emails in his/her name. 2) Versions prior to 1.0.6 have a format string vulnerability that allows the execution of arbitrary code just by decrypting an encrypted file with a special filename. The flaw occurs when that filename is printed to the screen. By using the --batch option, this output is suppressed, and the user is then not affected. An exploit for this flaw has already been published. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.securityspace.com/smysecure/catid.html?in=CLA-2001:399 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000399 Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com