• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

GnuPG OpenPGP Packet Processing Function Pointer Overwrite Vulnerability

Bugtraq ID:	21462
Class:	Design Error
CVE:	CVE-2006-6235
Remote:	Yes
Local:	No
Published:	Dec 06 2006 12:00AM
Updated:	Mar 19 2007 10:44PM
Credit:	Tavis Ormandy is credited with the discovery of this issue.
Vulnerable:	Ubuntu Ubuntu Linux 5.10 sparc Ubuntu Ubuntu Linux 5.10 powerpc Ubuntu Ubuntu Linux 5.10 i386 Ubuntu Ubuntu Linux 5.10 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Trustix Secure Linux 3.0 Trustix Secure Linux 2.2 Trustix Operating System Enterprise Server 2.0 Slackware Linux 10.2 Slackware Linux 10.1 Slackware Linux 10.0 Slackware Linux 9.1 Slackware Linux 9.0 Slackware Linux 11.0 SGI Advanced Linux Environment 3.0 S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux Standard Server 8.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. Open-Enterprise-Server 0 S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 10.1 S.u.S.E. Linux Enterprise Server 8 S.u.S.E. Linux Desktop 1.0 rPath rPath Linux 1 RedHat Fedora Core6 RedHat Fedora Core5 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux WS 2.1 IA64 RedHat Enterprise Linux WS 2.1 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux ES 2.1 IA64 RedHat Enterprise Linux ES 2.1 RedHat Enterprise Linux AS 4 RedHat Enterprise Linux AS 3 RedHat Enterprise Linux AS 2.1 IA64 RedHat Enterprise Linux AS 2.1 RedHat Desktop 4.0 RedHat Desktop 3.0 RedHat Advanced Workstation for the Itanium Processor 2.1 IA64 RedHat Advanced Workstation for the Itanium Processor 2.1 OpenPKG OpenPKG Stable OpenPKG OpenPKG E1.0-Solid OpenPKG OpenPKG Current OpenPKG OpenPKG 2-Stable-20061018 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Linux Mandrake 2006.0 x86_64 MandrakeSoft Linux Mandrake 2006.0 MandrakeSoft Linux Mandrake 2007.0 x86_64 MandrakeSoft Linux Mandrake 2007.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 IPCop IPCop 1.4.12 IPCop IPCop 1.4.11 IPCop IPCop 1.4.10 Gpg4win Gpg4win 1.0.7 Gpg4win Gpg4win 1.0.6 Gpg4win Gpg4win 1.0.5 Gpg4win Gpg4win 1.0.4 Gpg4win Gpg4win 1.0.3 Gpg4win Gpg4win 1.0.2 Gpg4win Gpg4win 1.0.1 Gpg4win Gpg4win 1.0 GNU GNU Privacy Guard 2.0.1 GNU GNU Privacy Guard 2.0 GNU GNU Privacy Guard 1.9.22 GNU GNU Privacy Guard 1.9.21 GNU GNU Privacy Guard 1.9.20 GNU GNU Privacy Guard 1.9.18 GNU GNU Privacy Guard 1.9.15 GNU GNU Privacy Guard 1.9.14 GNU GNU Privacy Guard 1.9.10 GNU GNU Privacy Guard 1.4.5 GNU GNU Privacy Guard 1.4.4 GNU GNU Privacy Guard 1.4.3 GNU GNU Privacy Guard 1.4.2 2 GNU GNU Privacy Guard 1.4.2 .1 GNU GNU Privacy Guard 1.4.2 GNU GNU Privacy Guard 1.4.1 GNU GNU Privacy Guard 1.4 GNU GNU Privacy Guard 1.3.4 GNU GNU Privacy Guard 1.3.3 GNU GNU Privacy Guard 1.2.7 GNU GNU Privacy Guard 1.2.6 GNU GNU Privacy Guard 1.2.5 GNU GNU Privacy Guard 1.2.4 GNU GNU Privacy Guard 1.2.3 GNU GNU Privacy Guard 1.2.2 -rc1 + S.u.S.E. Linux Personal 8.2 GNU GNU Privacy Guard 1.2.2 -r1 GNU GNU Privacy Guard 1.2.2 + Caldera OpenLinux Server 3.1.1 + Caldera OpenLinux Workstation 3.1.1 + MandrakeSoft Linux Mandrake 9.1 ppc + MandrakeSoft Linux Mandrake 9.1 GNU GNU Privacy Guard 1.2.1 GNU GNU Privacy Guard 1.2 GNU GNU Privacy Guard 1.0.7 GNU GNU Privacy Guard 1.0.6 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 GNU GNU Privacy Guard 1.0.5 - Caldera OpenLinux 2.4 - Caldera OpenLinux 2.3 - Caldera OpenLinux eBuilder 3.0 - Conectiva Linux 6.0 - Conectiva Linux 5.1 - Conectiva Linux 5.0 - Conectiva Linux 4.2 - Conectiva Linux 4.1 - Conectiva Linux 4.0 es - Conectiva Linux 4.0 - Conectiva Linux graficas - Conectiva Linux ecommerce - Debian Linux 2.2 sparc - Debian Linux 2.2 powerpc - Debian Linux 2.2 arm - Debian Linux 2.2 alpha - Debian Linux 2.2 68k - Debian Linux 2.2 - Immunix Immunix OS 7.0 beta - Immunix Immunix OS 7.0 - Immunix Immunix OS 6.2 - MandrakeSoft Corporate Server 1.0.1 - MandrakeSoft Linux Mandrake 8.1 - MandrakeSoft Linux Mandrake 8.0 ppc - MandrakeSoft Linux Mandrake 8.0 - MandrakeSoft Linux Mandrake 7.2 - MandrakeSoft Linux Mandrake 7.1 - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows ME - RedHat Linux 7.1 i386 - RedHat Linux 7.1 - RedHat Linux 7.0 i386 - RedHat Linux 7.0 alpha - RedHat Linux 7.0 - RedHat Linux 6.2 sparc - RedHat Linux 6.2 i386 - RedHat Linux 6.2 alpha - RedHat Linux 6.2 - S.u.S.E. Linux 7.1 - S.u.S.E. Linux 7.0 - S.u.S.E. Linux 6.4 - S.u.S.E. Linux 6.3 - Trustix Secure Linux 1.2 - Trustix Secure Linux 1.1 GNU GNU Privacy Guard 1.0.4 GNU GNU Privacy Guard 1.0.3 b GNU GNU Privacy Guard 1.0.3 GNU GNU Privacy Guard 1.0.2 GNU GNU Privacy Guard 1.0.1 GNU GNU Privacy Guard 1.0 .6 - MandrakeSoft Corporate Server 1.0.1 - MandrakeSoft Linux Mandrake 8.1 - MandrakeSoft Linux Mandrake 8.0 ppc - MandrakeSoft Linux Mandrake 8.0 - MandrakeSoft Linux Mandrake 7.2 - MandrakeSoft Linux Mandrake 7.1 GNU GNU Privacy Guard 1.0 GNU finger 1.0.7 Gentoo Linux Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Avaya SES 3.0 Avaya SES 2.0 Avaya S8710 CM 3.1 Avaya S8710 CM 2.0 Avaya S8700 CM 3.1 Avaya S8700 CM 2.0 Avaya S8500 CM 3.1 Avaya S8500 CM 2.0 Avaya S8300 CM 3.1 Avaya S8300 CM 2.0 Avaya Messaging Storage Server Avaya Message Networking Avaya Intuity LX Avaya EMMC 0 Avaya CCS 3.0 Avaya CCS 2.0
Not Vulnerable:	IPCop IPCop 1.4.13 Gpg4win Gpg4win 1.0.8 GNU GNU Privacy Guard 2.0.2 GNU GNU Privacy Guard 1.4.6