ID de Prueba:	1.3.6.1.4.1.25623.1.0.51565
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2001:399
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2001:399. Gnupg is a OpenPGP-compliant tool for secure communication used to, for example, sign emails, encrypt and decrypt sensitive data and verify signed text. Two vulnerabilities are being addressed with this update: 1) Versions prior to 1.0.5 have a vulnerability that would allow an attacker to obtain the unencrypted private key of an user. In order to do that, the attacker would have to obtain a copy of the private key (which is encrypted), alter it in a specific way and put it back without the user's knowledge. After that, by intercepting a message that was signed with the replaced key, the attacker would be able to reconstruct the private key (unencrypted). With this key, the attacker would be able to personificate the user and be able to read his/her encrypted mail or sign emails in his/her name. 2) Versions prior to 1.0.6 have a format string vulnerability that allows the execution of arbitrary code just by decrypting an encrypted file with a special filename. The flaw occurs when that filename is printed to the screen. By using the --batch option, this output is suppressed, and the user is then not affected. An exploit for this flaw has already been published. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.securityspace.com/smysecure/catid.html?in=CLA-2001:399 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000399 Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.