LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

MeeGo alert MeeGo-SA-10:30 (gnupg2)



From:
    	      "Ware, Ryan R" <ryan.r.ware@intel.com> 


To:
    	      "meego-security@meego.com" <meego-security@meego.com> 


Subject:
    	      [MeeGo-security] [MeeGo-SA-10:30.gnupg2] DoS or Arbitrary Code
 Execution via Crafted Certificate 


Date:
    	      Thu, 20 Jan 2011 11:24:59 -0700


Message-ID:
    	      <60F048A7-C6DD-4220-9183-D7473AA8267D@intel.com>


Archive-link:
    	      Article, Thread
              


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
MeeGo-SA-10:30.gnupg2                                       Security Advisory
                                                                MeeGo Project

Topic:          DoS or Arbitrary Code Execution via Crafted Certificate

Category:       Security
Module:         gnupg2
Announced:      October 9, 2010
Affects:        MeeGo 1.0
Corrected:      October 9, 2010
MeeGo BID:      5115
CVE:            CVE-2010-2547

For general information regarding MeeGo Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://www.MeeGo.com/>.

I.   Background

GnuPG is GNU's tool for secure communication and data storage.  It can
be used to encrypt data and to create digital signatures.  It includes
an advanced key management facility and is compliant with the proposed
OpenPGP Internet standard as described in RFC2440 and the S/MIME
standard as described by several RFCs.

II.  Problem Description

CVE-2010-2547: Use-after-free vulnerability in kbx/keybox-blob.c in
GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a
denial of service (crash) and possibly execute arbitrary code via a
certificate with a large number of Subject Alternate Names, which is
not properly handled in a realloc operation when importing the
certificate or verifying its signature.
CVSS v2 Base: 5.1 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

III. Impact

CVE-2010-2547: Unauthorized discloseure of information, modification
or disruption of service due to resource management errors (CWE-399)

IV.  Workaround

None

V.   Solution

Update to package gnupg2-2.0.14-3.1 or later.

VI.  References

http://bugs.meego.com/show_bug.cgi?id=5115
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://cwe.mitre.org/data/definitions/399.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (Darwin)

iQEcBAEBAgAGBQJNN6kIAAoJEEsJm1wYvCMbQu0H/3bRmc9fOQ0xu7m0CgzSGR19
wlS6HMluRPsm/A+RG/bDqPAl792Y+kxDKLMqZedD9NbOHmRiAPrV1yETrlYJRa8R
lJcal/2rSPpmano96eOcll/RCt+BwIYqfn4whOuZhgu+KkQzX7MCDcqSU3v0k9rT
H0jU/Ecb8JB3o+rGrzKFR1YzIflG7NrN20NfOcFMbi9lXsoSJhNfRug4X9R5TpS2
4+/8qYA7U4WChJURCAXq5AWcvaZdDhJ5AWd5CJlRAy64BhH6k1GEUbCJPiR9nOoE
OkIlLr1YIXY8VCk8+6vwcTB0vkxzM9g38SsyhgWqPLMpHyQNcAzTRybO2U4E8XE=
=FKJw
-----END PGP SIGNATURE-----
_______________________________________________
MeeGo-security mailing list
MeeGo-security@meego.com
http://lists.meego.com/listinfo/meego-security
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds