Test ID:	1.3.6.1.4.1.25623.1.0.57055
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-304-1 (gnupg)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to gnupg announced via advisory USN-304-1. A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. Evgeny Legerov discovered that GnuPG did not sufficiently check overly large user ID packets. Specially crafted user IDs caused a buffer overflow. By tricking an user or remote automated system into processing a malicous GnuPG message, an attacker could exploit this to crash GnuPG or possibly even execute arbitrary code. Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: gnupg 1.2.5-3ubuntu5.4 Ubuntu 5.10: gnupg 1.4.1-1ubuntu1.3 Ubuntu 6.06 LTS: gnupg 1.4.2.2-1ubuntu2.1 In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-304-1 Risk factor : Medium CVSS Score: 5.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-3082 BugTraq ID: 18554 http://www.securityfocus.com/bid/18554 Bugtraq: 20060629 rPSA-2006-0120-1 gnupg (Google Search) http://www.securityfocus.com/archive/1/438751/100/0/threaded Debian Security Information: DSA-1107 (Google Search) http://www.debian.org/security/2006/dsa-1107 Debian Security Information: DSA-1115 (Google Search) http://www.debian.org/security/2006/dsa-1115 http://seclists.org/lists/fulldisclosure/2006/May/0774.html http://seclists.org/lists/fulldisclosure/2006/May/0782.html http://seclists.org/lists/fulldisclosure/2006/May/0789.html http://www.mandriva.com/security/advisories?name=MDKSA-2006:110 http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.010.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10089 http://www.redhat.com/support/errata/RHSA-2006-0571.html http://securitytracker.com/id?1016519 http://secunia.com/advisories/20783 http://secunia.com/advisories/20801 http://secunia.com/advisories/20811 http://secunia.com/advisories/20829 http://secunia.com/advisories/20881 http://secunia.com/advisories/20899 http://secunia.com/advisories/20968 http://secunia.com/advisories/21063 http://secunia.com/advisories/21135 http://secunia.com/advisories/21137 http://secunia.com/advisories/21143 http://secunia.com/advisories/21585 SGI Security Advisory: 20060701-01-U ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.457382 SuSE Security Announcement: SUSE-SR:2006:015 (Google Search) http://www.novell.com/linux/security/advisories/2006_38_security.html SuSE Security Announcement: SUSE-SR:2006:018 (Google Search) http://www.novell.com/linux/security/advisories/2006_18_sr.html https://usn.ubuntu.com/304-1/ http://www.vupen.com/english/advisories/2006/2450 XForce ISS Database: gnupg-parsepacket-bo(27245) https://exchange.xforce.ibmcloud.com/vulnerabilities/27245
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.