F5 Local Security Checks : F5 BIG-IP - GnuPG vulnerability CVE-2012-6085

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.105556

Categoría: F5 Local Security Checks

Título: F5 BIG-IP - GnuPG vulnerability CVE-2012-6085

Resumen: The remote host is missing a security patch.

Descripción: Summary:
The remote host is missing a security patch.

Vulnerability Insight:
The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet.

Vulnerability Impact:
A remote attacker may exploit this vulnerability by way of a specially crafted OpenPGP packet to cause the keyring to be corrupted.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-6085
57102
http://www.securityfocus.com/bid/57102
FEDORA-2013-0148
http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095513.html
FEDORA-2013-0377
http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095516.html
MDVSA-2013:001
http://www.mandriva.com/security/advisories?name=MDVSA-2013:001
RHSA-2013:1459
http://rhn.redhat.com/errata/RHSA-2013-1459.html
USN-1682-1
http://www.ubuntu.com/usn/USN-1682-1
[oss-security] 20130101 Re: GnuPG 1.4.12 and lower - memory access errors and keyring database corruption
http://www.openwall.com/lists/oss-security/2013/01/01/6
gnupg-public-keys-code-exec(80990)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80990
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commitdiff%3Bh=f0b33b6fb8e0586e9584a7a409dcc31263776a67
https://bugs.g10code.com/gnupg/issue1455
https://bugzilla.redhat.com/show_bug.cgi?id=891142

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.105556
Categoría:	F5 Local Security Checks
Título:	F5 BIG-IP - GnuPG vulnerability CVE-2012-6085
Resumen:	The remote host is missing a security patch.
Descripción:	Summary: The remote host is missing a security patch. Vulnerability Insight: The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet. Vulnerability Impact: A remote attacker may exploit this vulnerability by way of a specially crafted OpenPGP packet to cause the keyring to be corrupted. Solution: See the referenced vendor advisory for a solution. CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-6085 57102 http://www.securityfocus.com/bid/57102 FEDORA-2013-0148 http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095513.html FEDORA-2013-0377 http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095516.html MDVSA-2013:001 http://www.mandriva.com/security/advisories?name=MDVSA-2013:001 RHSA-2013:1459 http://rhn.redhat.com/errata/RHSA-2013-1459.html USN-1682-1 http://www.ubuntu.com/usn/USN-1682-1 [oss-security] 20130101 Re: GnuPG 1.4.12 and lower - memory access errors and keyring database corruption http://www.openwall.com/lists/oss-security/2013/01/01/6 gnupg-public-keys-code-exec(80990) https://exchange.xforce.ibmcloud.com/vulnerabilities/80990 http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commitdiff%3Bh=f0b33b6fb8e0586e9584a7a409dcc31263776a67 https://bugs.g10code.com/gnupg/issue1455 https://bugzilla.redhat.com/show_bug.cgi?id=891142
Copyright	Copyright (C) 2016 Greenbone AG