FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-6235

This CVE name corresponds to:

Entered Topic
2006-12-07 gnupg -- remotely controllable function pointer

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2006-6235 at cve.mitre.org

Details

Type Candidate
Name CVE-2006-6235
Phase Assigned(20061202)

Description

A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.

References

Source Reference
BUGTRAQ 20061206 GnuPG: remotely controllable function pointer [CVE-2006-6235]
BUGTRAQ 20061206 rPSA-2006-0227-1 gnupg
MLIST [gnupg-announce] GnuPG: remotely controllable function pointer [CVE-2006-6235]
CONFIRM https://issues.rpath.com/browse/RPL-835
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm
DEBIAN DSA-1231
GENTOO GLSA-200612-03
MANDRIVA MDKSA-2006:228
OPENPKG OpenPKG-SA-2006.037
REDHAT RHSA-2006:0754
SGI 20061201-01-P
SUSE SUSE-SR:2006:028
SUSE SUSE-SA:2006:075
TRUSTIX 2006-0070
UBUNTU USN-393-1
UBUNTU USN-393-2
CERT-VN VU#427009
BID 21462
OVAL oval:org.mitre.oval:def:11245
VUPEN ADV-2006-4881
SECTRACK 1017349
SECUNIA 23245
SECUNIA 23250
SECUNIA 23255
SECUNIA 23269
SECUNIA 23259
SECUNIA 23299
SECUNIA 23303
SECUNIA 23329
SECUNIA 23290
SECUNIA 23335
SECUNIA 23284
SECUNIA 23513
SECUNIA 24047
XF gnupg-openpgp-code-execution(30711)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.