rPath Information for VU#427009
GnuPG vulnerable to remote data control
- Vendor Information Help Date Notified:
- Statement Date:
- Date Updated: 07 Dec 2006
rPath Security Advisory: 2006-0227-1
Products: rPath Linux 1
Exposure Level Classification:
Indirect Deterministic Privilege Escalation
Previous versions of the gnupg package will execute attacker-provided
code found in intentionally malformed OpenPGP packets. This allows an
attacker to run arbitrary code as the user invoking gpg on the file
that contains the malformed packets.
The vendor has not provided us with any further information regarding this vulnerability.
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.