SMTP: GnuPG Message Packet Length Handling Integer Overflow
This signature detects attempts to exploit a known vulnerability in the GnuPG (GNU Privacy Guard) product. The problem is caused by an incorrect handling of the user supplied data. An attacker can exploit this vulnerability to crash a vulnerable application or execute arbitrary code in the security context of the currently running process. In an attack case where code injection is not successful, the affected application will terminate abnormally. In a more sophisticated attack where code injection results is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the current user.
Extended Description
GnuPG is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. This issue may allow remote attackers to execute arbitrary machine code in the context of the affected application, but this has not been confirmed. GnuPG version 1.4.4 is vulnerable to this issue; previous versions may also be affected.
Affected Products
Gnu gnu_privacy_guard
Short Name
SMTP:EXPLOIT:GNUPG-INT-OF
Severity
Major
Recommended
False
Recommended Action
None
Category
SMTP
Keywords
CVE-2006-3746 GnuPG Handling Integer Length Message Overflow Packet bid:19110
Release Date
07/25/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Red_hat
Suse
Gentoo
Trustix
Gnu
Rpath
Avaya
Sgi
Slackware
Ubuntu
Mandriva
Debian
CVSS Score
5.0