|
|
Vulnerability Assessment & Network Security Forums |
|||||||||
|
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> Debian Local Security Checks >> [DSA061] DSA-061-1 gnupg Vulnerability Assessment Details
|
[DSA061] DSA-061-1 gnupg |
||
|
DSA-061-1 gnupg Detailed Explanation for this Vulnerability Assessment The version of GnuPG (GNU Privacy Guard, an OpenPGP implementation) as distributed in Debian GNU/Linux 2.2 suffers from two problems: fish stiqz reported on bugtraq that there was a printf format problem in the do_get() function: it printed a prompt which included the filename that was being decrypted without checking for possible printf format attacks. This could be exploited by tricking someone into decrypting a file with a specially crafted filename. The second bug is related to importing secret keys: when gnupg imported a secret key it would immediately make the associated public key fully trusted which changes your web of trust without asking for a confirmation. To fix this you now need a special option to import a secret key. Both problems have been fixed in version 1.0.6-0potato1. Solution : http://www.debian.org/security/2001/dsa-061 Network Security Threat Level: High Networks Security ID: 2797 Vulnerability Assessment Copyright: This script is (C) 2005 Michel Arboi |
||
|
UPS, Power Protection, APC |
|
||
|
No Discussions have been posted on this vulnerability. |