exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2012-6085

Status Candidate

Overview

The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet.

Related Files

Unisphere Central Redirect / Access Bypass / DoS / Updates
Posted Jan 30, 2015
Site emc.com

Unisphere Central versions prior to 4.0 suffer from a large amount of security vulnerabilities and an update has been released that includes a fix for an unvalidated redirect issue along with various embedded component vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2010-5107, CVE-2010-5298, CVE-2011-0020, CVE-2011-0064, CVE-2011-3389, CVE-2012-2137, CVE-2012-5885, CVE-2012-6085, CVE-2012-6548, CVE-2012-6549, CVE-2013-0160, CVE-2013-0216, CVE-2013-0231, CVE-2013-0268, CVE-2013-0311, CVE-2013-0349, CVE-2013-0913, CVE-2013-0914, CVE-2013-1767, CVE-2013-1772, CVE-2013-1774, CVE-2013-1792, CVE-2013-1796, CVE-2013-1797, CVE-2013-1798, CVE-2013-1848, CVE-2013-1860, CVE-2013-1899
SHA-256 | ce4edb828cb719a743e51aeccc8b869350ac720be7a173f3e3978c205c139f5f
Gentoo Linux Security Advisory 201402-24
Posted Feb 22, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201402-24 - Multiple vulnerabilities have been discovered in GnuPG and Libgcrypt, which may result in execution of arbitrary code, Denial of Service, or the disclosure of private keys. Versions less than 2.0.22 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-6085, CVE-2013-4242, CVE-2013-4351, CVE-2013-4402
SHA-256 | b179c24948b12fd20220e710cd0fc8df88dcb5a2e4985677436d991735781ae4
Red Hat Security Advisory 2013-1459-01
Posted Oct 24, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1459-01 - The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. A denial of service flaw was found in the way GnuPG parsed certain compressed OpenPGP packets. An attacker could use this flaw to send specially crafted input data to GnuPG, making GnuPG enter an infinite loop when parsing data. It was found that importing a corrupted public key into a GnuPG keyring database corrupted that keyring. An attacker could use this flaw to trick a local user into importing a specially crafted public key into their keyring database, causing the keyring to be corrupted and preventing its further use.

tags | advisory, denial of service, local
systems | linux, redhat
advisories | CVE-2012-6085, CVE-2013-4351, CVE-2013-4402
SHA-256 | 66f4f380227d5284e4fe726da477005d273d6e0b0babb21afcad548a7d3c4cc5
Red Hat Security Advisory 2013-1458-01
Posted Oct 24, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1458-01 - The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload cache side-channel attack on the RSA secret exponent. An attacker able to execute a process on the logical CPU that shared the L3 cache with the GnuPG process could possibly use this flaw to obtain portions of the RSA secret key.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-6085, CVE-2013-4242, CVE-2013-4351, CVE-2013-4402
SHA-256 | 4ed140d307f2bb993d4c7916c9f09e01858d795fc86538c67ede4581485941e0
Mandriva Linux Security Advisory 2013-001-1
Posted Apr 5, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-001 - Versions of GnuPG less than or equal to 1.4.12 are vulnerable to memory access violations and public keyring database corruption when importing public keys that have been manipulated. An OpenPGP key can be fuzzed in such a way that gpg segfaults when importing the key. The updated packages have been patched to correct this issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2012-6085
SHA-256 | 12827540dfa9ee3a39050476e3908f52454cae83d58879b966623f58d86c6dde
Ubuntu Security Notice USN-1682-1
Posted Jan 10, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1682-1 - KB Sriram discovered that GnuPG incorrectly handled certain malformed keys. If a user or automated system were tricked into importing a malformed key, the GnuPG keyring could become corrupted.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2012-6085
SHA-256 | 69f30d35a0a66cd25764996ab169e31f2ac7befe5e898436f48e9aaa8d5629fa
GNU Privacy Guard 1.4.13
Posted Jan 8, 2013
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: A corruption of the public keyring database on import of manipulated public keys was fixed. This issue was reported as CVE-2012-6085. Support for the old cipher algorithm IDEA was added. Small changes were made to increase compatibility with future OpenPGP and GnuPG features. Minor bugfixes were made.
tags | tool, encryption
advisories | CVE-2012-6085
SHA-256 | 5a3f99d43688d818995fcbb02f31c1a995d47379b8b81fa12708c6b3e47823d2
Debian Security Advisory 2601-1
Posted Jan 7, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2601-1 - KB Sriram discovered that GnuPG, the GNU Privacy Guard did not sufficiently sanitise public keys on import, which could lead to memory and keyring corruption.

tags | advisory
systems | linux, debian
advisories | CVE-2012-6085
SHA-256 | 454e24ef78762c7361f91bee17b049f501687a49633197f6be0765571af2a35b
Mandriva Linux Security Advisory 2013-001
Posted Jan 3, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-001 - Versions of GnuPG less than or equal to 1.4.12 are vulnerable to memory access violations and public keyring database corruption when importing public keys that have been manipulated. An OpenPGP key can be fuzzed in such a way that gpg segfaults when importing the key. The updated packages have been patched to correct this issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2012-6085
SHA-256 | 98023f4d9132db57090088051e5e2ee2e1a8760b86910a9d1265a08a87f0e5c9
GnuPG 1.4.12 Database Corruption
Posted Dec 31, 2012
Authored by KB Sriram

GnuPG versions 1.4.12 and below are vulnerable to memory access violations and public keyring database corruption when importing public keys that have been manipulated.

tags | advisory
advisories | CVE-2012-6085
SHA-256 | 0a3dbb2e061bd0a63a4632c1ff476033b308773427245372f500f2fae7b5b060
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close