Title: GnuPG Format String Vulnerability
Severity: HIGH
Description:
GnuPG is a popular open source public/private key encryption system.
GnuPG contains a vulnerability which may allow remote attackers to gain access to the systems of users decrypting files.
When a file with an unrecognized filename suffix is decrypted, GnuPG prompts the user to enter a filename to which the plaintext will be written. The program also attempts to obtain the original filename from the encrypted file, and includes it in the prompt. The bug exists because the prompt is displayed to the user using a *printf function, and the prompt is supplied as the format string argument. As a result, any format specifiers in the original filename will be interpreted and acted upon by the printf function.
It may be possible for remote attackers to maliciously use format specifiers to write values to arbitrary locations in memory. By doing so, attackers could force the execution of arbitrary code by the GnuPG client.
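The flawed call pattern described above beside its corrected form, as an added C example (not GnuPG's source; the function names and the sample filename are constructed for illustration). The sample name contains only `%%`, a directive that consumes no argument, so the difference between the two calls is visible without undefined behaviour.

```c
/* Added illustration; function names are hypothetical, not GnuPG source. */
#include <stdio.h>
#include <string.h>

/* Pattern from the advisory: the prompt, which embeds the filename taken
 * from the encrypted file, is handed to *printf as the format string. */
static int prompt_vulnerable(char *out, size_t n, const char *embedded_name)
{
    char prompt[256];
    snprintf(prompt, sizeof prompt, "Enter new filename [%s]: ", embedded_name);
    return snprintf(out, n, prompt);        /* prompt is parsed as a format */
}

/* Corrected form: constant format string, the prompt is passed as data. */
static int prompt_fixed(char *out, size_t n, const char *embedded_name)
{
    char prompt[256];
    snprintf(prompt, sizeof prompt, "Enter new filename [%s]: ", embedded_name);
    return snprintf(out, n, "%s", prompt);  /* prompt is copied verbatim */
}

/* Review aid: count '%' directives that would consume an argument if the
 * string were ever used as a format ("%%" is a literal and consumes none). */
static int arg_consuming_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;                            /* skip the escaped percent */
        else
            count++;
    }
    return count;
}

int main(void)
{
    const char *name = "report-100%%.dat";  /* constructed sample filename */
    char a[256], b[256];

    prompt_vulnerable(a, sizeof a, name);
    prompt_fixed(b, sizeof b, name);
    printf("vulnerable: %s\nfixed:      %s\n", a, b);
    printf("outputs differ: %s\n", strcmp(a, b) ? "yes" : "no");
    printf("argument-consuming directives: %d\n", arg_consuming_directives(name));
    return 0;
}
```

Compilers flag the vulnerable call with `-Wformat-security`, which is a practical way to find the same pattern during code review.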
Affected Products:
- GNU GNU Privacy Guard 1.0.0
- GNU GNU Privacy Guard 1.0.1
- GNU GNU Privacy Guard 1.0.2
- GNU GNU Privacy Guard 1.0.3
- GNU GNU Privacy Guard 1.0.3b
- GNU GNU Privacy Guard 1.0.4
- GNU GNU Privacy Guard 1.0.5