Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Ware, Ryan R <ryan.r.ware-ral2JQCrhuEAvxtiuMwx3w <at> public.gmane.org>
Subject: [MeeGo-SA-10:30.gnupg2] DoS or Arbitrary Code Execution via Crafted Certificate
Newsgroups: gmane.comp.handhelds.meego.security.announce
Date: Thursday 20th January 2011 18:24:59 UTC (over 5 years ago)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
MeeGo-SA-10:30.gnupg2                                       Security
Advisory
                                                                MeeGo
Project

Topic:          DoS or Arbitrary Code Execution via Crafted Certificate

Category:       Security
Module:         gnupg2
Announced:      October 9, 2010
Affects:        MeeGo 1.0
Corrected:      October 9, 2010
MeeGo BID:      5115
CVE:            CVE-2010-2547

For general information regarding MeeGo Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit http://www.MeeGo.com/>.

I.   Background

GnuPG is GNU's tool for secure communication and data storage.  It can
be used to encrypt data and to create digital signatures.  It includes
an advanced key management facility and is compliant with the proposed
OpenPGP Internet standard as described in RFC2440 and the S/MIME
standard as described by several RFCs.

II.  Problem Description

CVE-2010-2547: Use-after-free vulnerability in kbx/keybox-blob.c in
GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a
denial of service (crash) and possibly execute arbitrary code via a
certificate with a large number of Subject Alternate Names, which is
not properly handled in a realloc operation when importing the
certificate or verifying its signature.
CVSS v2 Base: 5.1 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

III. Impact

CVE-2010-2547: Unauthorized discloseure of information, modification
or disruption of service due to resource management errors (CWE-399)

IV.  Workaround

None

V.   Solution

Update to package gnupg2-2.0.14-3.1 or later.

VI.  References

http://bugs.meego.com/show_bug.cgi?id=5115
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2547
http://cwe.mitre.org/data/definitions/399.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (Darwin)

iQEcBAEBAgAGBQJNN6kIAAoJEEsJm1wYvCMbQu0H/3bRmc9fOQ0xu7m0CgzSGR19
wlS6HMluRPsm/A+RG/bDqPAl792Y+kxDKLMqZedD9NbOHmRiAPrV1yETrlYJRa8R
lJcal/2rSPpmano96eOcll/RCt+BwIYqfn4whOuZhgu+KkQzX7MCDcqSU3v0k9rT
H0jU/Ecb8JB3o+rGrzKFR1YzIflG7NrN20NfOcFMbi9lXsoSJhNfRug4X9R5TpS2
4+/8qYA7U4WChJURCAXq5AWcvaZdDhJ5AWd5CJlRAy64BhH6k1GEUbCJPiR9nOoE
OkIlLr1YIXY8VCk8+6vwcTB0vkxzM9g38SsyhgWqPLMpHyQNcAzTRybO2U4E8XE=
=FKJw
-----END PGP SIGNATURE-----
 
CD: 3ms