CVE-2006-6169

Impact: Low
Public Date: 2006-11-24
Bugzilla: 217950: CVE-2006-6169: gnupg2 < 2.0.1 buffer overflow

The MITRE CVE dictionary describes this issue as:

Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the make_printable_string function to return a longer string than expected while constructing a prompt.

Find out more about CVE-2006-6169 from the MITRE CVE dictionary and NIST NVD.

Statement

Red Hat does not consider this bug to be a security flaw. In order for this flaw to be exploited, a user would be required to enter shellcode into an interactive GnuPG session. Red Hat considers this to be an unlikely scenario.

Red Hat Enterprise Linux 5 contains a backported patch to address this issue.

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux 4 (gnupg) | RHSA-2006:0754 | 2006-12-06
Red Hat Enterprise Linux 2.1 (gnupg) | RHSA-2006:0754 | 2006-12-06
Red Hat Enterprise Linux 3 (gnupg) | RHSA-2006:0754 | 2006-12-06

Last Modified

CVE description copyright © 2017, The MITRE Corporation
