Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Privacy_guard | Gnu | 7.1 (including) | 7.1 (including) |
| Privacy_guard | Gnu | 7.2 (including) | 7.2 (including) |
| Privacy_guard | Gnu | 8.0 (including) | 8.0 (including) |
| Red Hat Linux 6.2 | RedHat | * | |
| Red Hat Linux 7.0 | RedHat | * | |
| Red Hat Linux 7.1 | RedHat | * |
References
- http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000399
- http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-023-01
- http://online.securityfocus.com/archive/1/188218
- http://www.calderasystems.com/support/security/advisories/CSSA-2001-020.0.txt
- http://www.debian.org/security/2001/dsa-061
- http://www.gnupg.org/whatsnew.html#rn20010529
- http://www.kb.cert.org/vuls/id/403051
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-053.php3
- http://www.novell.com/linux/security/advisories/2001_020_gpg_txt.html
- http://www.osvdb.org/1845
- http://www.redhat.com/support/errata/RHSA-2001-073.html
- http://www.securityfocus.com/bid/2797
- http://www.turbolinux.com/pipermail/tl-security-announce/2001-June/000439.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6642
- http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000399
- http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-023-01
- http://online.securityfocus.com/archive/1/188218
- http://www.calderasystems.com/support/security/advisories/CSSA-2001-020.0.txt
- http://www.debian.org/security/2001/dsa-061
- http://www.gnupg.org/whatsnew.html#rn20010529
- http://www.kb.cert.org/vuls/id/403051
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-053.php3
- http://www.novell.com/linux/security/advisories/2001_020_gpg_txt.html
- http://www.osvdb.org/1845
- http://www.redhat.com/support/errata/RHSA-2001-073.html
- http://www.securityfocus.com/bid/2797
- http://www.turbolinux.com/pipermail/tl-security-announce/2001-June/000439.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6642