Vulnerability Name: | CVE-2001-0522 (CCN-6642)
Assigned: | 2001-05-29
Published: | 2001-05-29
Updated: | 2018-05-03
Summary: | Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file.
CVSS v3 Severity: | 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: | CWE-Other
Vulnerability Consequences: | Gain Access
References: |
Source: CCN Type: FreeBSD Security Advisory FreeBSD-SA-01:44 gnupg contains format string vulnerability
Source: CCN Type: Caldera International, Inc. Security Advisory CSSA-2001-020.0 format bug in gnupg
Source: CCN Type: Synergy Networks Security Advisory 05/29/2001 [synnergy] - GnuPG remote format string vulnerability
Source: CCN Type: Trustix Secure Linux Security Advisory #2001-0009 GnuPG
Source: CCN Type: BugTraq Mailing List, Fri Jun 01 2001 - 14:23:54 CDT The GnuPG format string bug (was: TSLSA-2001-0009 - GnuPG)
Source: CCN Type: SuSE Security Announcement SuSE-SA:2001:020 gpg/GnuPG
Source: MITRE Type: CNA CVE-2001-0522
Source: CONECTIVA Type: UNKNOWN CLA-2001:399
Source: CCN Type: Conectiva Linux Announcement CLSA-2001:399 gnupg
Source: IMMUNIX Type: UNKNOWN IMNX-2001-70-023-01
Source: CCN Type: Progeny Security Advisory PROGENY-SA-2001-16 gnupg format string vulnerability
Source: CCN Type: Immunix OS Security Advisory IMNX-2001-70-023-01 gnupg
Source: BUGTRAQ Type: UNKNOWN 20010601 The GnuPG format string bug (was: TSLSA-2001-0009 - GnuPG)
Source: CCN Type: RHSA-2001-073 Updated GnuPG packages available
Source: CALDERA Type: UNKNOWN CSSA-2001-020.0
Source: DEBIAN Type: UNKNOWN DSA-061
Source: DEBIAN Type: DSA-061 gnupg -- printf format attack
Source: CCN Type: The GNU Privacy Guard Web site Download
Source: CCN Type: GNU Privacy Guard General News 1.0.6 (2001-05-29)
Source: CONFIRM Type: UNKNOWN http://www.gnupg.org/whatsnew.html#rn20010529
Source: CCN Type: ICZ Press Release Cryptologists from Czech company ICZ detected serious security vulnerability of an international magnitude
Source: CCN Type: US-CERT VU#233200 GnuPG contains format-string vulnerability in handling of encrypted data filename
Source: CCN Type: US-CERT VU#403051 GnuPG format string vulnerability in do_get() in ttyio.c while prompting for a new filename
Source: CERT-VN Type: US Government Resource VU#403051
Source: MANDRAKE Type: Patch, Vendor Advisory MDKSA-2001:053
Source: SUSE Type: UNKNOWN SuSE-SA:2001:020
Source: OSVDB Type: UNKNOWN 1845
Source: CCN Type: OSVDB ID: 1845 GnuPG tty_printf() Format String
Source: REDHAT Type: UNKNOWN RHSA-2001:073
Source: BID Type: UNKNOWN 2797
Source: CCN Type: BID-2797 GnuPG Format String Vulnerability
Source: CCN Type: TurboLinux Security Announcement TLSA2001028 gnupg
Source: TURBO Type: UNKNOWN TLSA2001028
Source: XF Type: UNKNOWN gnupg-tty-format-string(6642)
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable