Summary
The remote host is missing an update to the system as announced in the referenced advisory.
Solution
Update your system with the appropriate patches or software upgrades.
http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/parse-packet.c?rev=4157&r1=4141&r2=4157 http://marc.theaimsgroup.com/?l=gnupg-users&m=115124706210430 http://marc.theaimsgroup.com/?l=full-disclosure&m=114907659313360 http://www.vuxml.org/freebsd/f900bda8-0472-11db-bbf7-000c6ec775d9.html
Insight
The following package is affected: gnupg
CVE-2006-3082
parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length, which could lead to an integer overflow, as demonstrated using the --no-armor option.
Severity
Classification
-
CVE CVE-2006-3082 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities