Vulnerability Details : CVE-2006-6235
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2006-6235
Probability of exploitation activity in the next 30 days: 6.08%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 93 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2006-6235
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
Vendor statements for CVE-2006-6235
-
Red Hat 2007-03-14Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
-
http://www.redhat.com/support/errata/RHSA-2006-0754.html
Vendor Advisory
-
http://www.securityfocus.com/archive/1/453664/100/0/threaded
-
http://www.vupen.com/english/advisories/2006/4881
- http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html
-
http://www.trustix.org/errata/2006/0070
Trustix | Empowering Trust and Security in the Digital Age
-
https://issues.rpath.com/browse/RPL-835
- http://www.novell.com/linux/security/advisories/2006_28_sr.html
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/30711
- http://security.gentoo.org/glsa/glsa-200612-03.xml
-
http://www.securityfocus.com/bid/21462
Vendor Advisory
- ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc
-
http://www.ubuntu.com/usn/usn-393-1
Patch
-
http://securitytracker.com/id?1017349
- http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm
- http://www.debian.org/security/2006/dsa-1231
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11245
-
http://www.securityfocus.com/archive/1/453723/100/0/threaded
- http://www.ubuntu.com/usn/usn-393-2
-
http://www.mandriva.com/security/advisories?name=MDKSA-2006:228
- http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html
-
http://www.kb.cert.org/vuls/id/427009
US Government Resource
- cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*
- cpe:2.3:o:redhat:fedora_core:core_5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:fedora_core:core6:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:11.0:*:*:*:*:*:*:*
- cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:*:*:*:*:*:*
- cpe:2.3:o:ubuntu:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.9.10:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.9.15:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.9.20:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.4.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:gpg4win:gpg4win:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:o:rpath:linux:1:*:*:*:*:*:*:*