FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gnupg -- memory corruption vulnerability

Affected packages
1.0.0 <= gnupg < 1.4.9
2.0.0 <= gnupg < 2.0.9

Details

VuXML ID 30394651-13e1-11dd-bab7-0016179b2dd5
Discovery 2008-03-19
Entry 2008-04-26
Modified 2008-04-29

Secunia reports:

A vulnerability has been reported in GnuPG, which can potentially be exploited to compromise a vulnerable system.

The vulnerability is caused due to an error when importing keys with duplicated IDs. This can be exploited to cause a memory corruption when importing keys via --refresh-keys or --import.

Successful exploitation potentially allows execution of arbitrary code, but has not been proven yet.

References

Bugtraq ID 28487
CVE Name CVE-2008-1530
URL http://secunia.com/advisories/29568
URL http://www.ocert.org/advisories/ocert-2008-1.html
URL https://bugs.g10code.com/gnupg/issue894