Vulnerability CVE-2008-1530

Vulnerability Name:

CVE-2008-1530 (CCN-41547)

Assigned:

2008-03-27

Published:

2008-03-27

Updated:

2017-08-08

Summary:

GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-399

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2008-1530

Source: MLIST
Type: UNKNOWN
[Announce] 20080326 GnuPG 1.4.9 released

Source: CCN
Type: SA29568
GnuPG Duplicated IDs Memory Corruption

Source: SECUNIA
Type: Vendor Advisory
29568

Source: CCN
Type: GNU Web site
The GNU Privacy Guard

Source: CCN
Type: oCERT Advisories #2008-01
GnuPG memory corruption

Source: MISC
Type: UNKNOWN
http://www.ocert.org/advisories/ocert-2008-1.html

Source: CCN
Type: OSVDB ID: 43932
GnuPG Key Import ID Deduplication Memory Corruption

Source: BID
Type: UNKNOWN
28487

Source: CCN
Type: BID-28487
GnuPG Duplicated Key Import Memory Corruption Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2008-1056

Source: CCN
Type: gnupg Security Fix, Issue 894
segv when importing keys with duplicated ids

Source: CONFIRM
Type: UNKNOWN
https://bugs.g10code.com/gnupg/issue894

Source: CCN
Type: Gentoo Bugzilla Bug 214990
app-crypt/gnupg =1.4.8, =2.0.8 Memory corruption when importing keys (CVE-2008-1530)

Source: CONFIRM
Type: UNKNOWN
https://bugs.gentoo.org/show_bug.cgi?id=214990

Source: XF
Type: UNKNOWN
gnupg-keys-code-execution(41547)

Source: XF
Type: UNKNOWN
gnupg-keys-code-execution(41547)

Vulnerable Configuration:

Configuration 1:

cpe:/a:gnupg:gnupg:1.4.8:*:*:*:*:*:*:*

OR cpe:/a:gnupg:gnupg:2.0.8:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:gnupg:gnupg:1.4.8:*:*:*:*:*:*:*

OR cpe:/a:gnupg:gnupg:2.0.8:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:42317	P	Security update for the Linux Kernel (Important)	2022-07-18
oval:org.opensuse.security:def:20081530	V	CVE-2008-1530	2022-06-30
oval:org.opensuse.security:def:112155	P	dirmngr-2.2.27-2.4 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:33064	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:26178	P	Security update for the Linux Kernel (Important)	2021-12-02
oval:org.opensuse.security:def:32216	P	Security update for MozillaFirefox (Important)	2021-11-17
oval:org.opensuse.security:def:31693	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:32197	P	Security update for glibc (Moderate)	2021-10-06
oval:org.opensuse.security:def:26139	P	Security update for libvirt (Moderate)	2021-10-04
oval:org.opensuse.security:def:105691	P	dirmngr-2.2.27-2.4 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:31687	P	Security update for sqlite3 (Important)	2021-09-23
oval:org.opensuse.security:def:31266	P	Security update for transfig (Moderate)	2021-09-16
oval:org.opensuse.security:def:42119	P	Security update for openssl-1_1 (Low)	2021-09-07
oval:org.opensuse.security:def:26115	P	Security update for libesmtp (Important)	2021-09-02
oval:org.opensuse.security:def:31245	P	Security update for MozillaFirefox (Important)	2021-08-17
oval:org.opensuse.security:def:32153	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-07-27
oval:org.opensuse.security:def:26090	P	Security update for systemd (Moderate)	2021-07-20
oval:org.opensuse.security:def:32131	P	Security update for ovmf (Important)	2021-06-22
oval:org.opensuse.security:def:31637	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:31192	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:36140	P	gpg2-2.0.9-25.33.39.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42547	P	gpg2-2.0.9-25.33.39.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:31634	P	Security update for qemu (Important)	2021-06-08
oval:org.opensuse.security:def:31618	P	Security update for avahi (Important)	2021-06-03
oval:org.opensuse.security:def:31181	P	Security update for dhcp (Important)	2021-06-01
oval:org.opensuse.security:def:31180	P	Security update for djvulibre (Important)	2021-05-31
oval:org.opensuse.security:def:32092	P	Security update for the Linux Kernel (Important)	2021-05-18
oval:org.opensuse.security:def:26039	P	Security update for libnettle (Important)	2021-04-28
oval:org.opensuse.security:def:31607	P	Security update for qemu (Important)	2021-04-16
oval:org.opensuse.security:def:31606	P	Security update for clamav (Important)	2021-04-14
oval:org.opensuse.security:def:32060	P	Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important)	2021-04-07
oval:org.opensuse.security:def:33103	P	Security update for ovmf (Moderate)	2021-03-29
oval:org.opensuse.security:def:32272	P	Security update for python (Moderate)	2021-03-16
oval:org.opensuse.security:def:31742	P	Security update for git (Important)	2021-03-09
oval:org.opensuse.security:def:26192	P	Security update for php72 (Important)	2021-02-17
oval:org.opensuse.security:def:31337	P	Security update for python (Important)	2021-02-11
oval:org.opensuse.security:def:31692	P	Security update for python3 (Important)	2021-02-08
oval:org.opensuse.security:def:26037	P	Security update for the Linux Kernel (Important)	2021-01-15
oval:org.opensuse.security:def:26031	P	Security update for php74 (Moderate)	2021-01-14
oval:org.opensuse.security:def:31744	P	Security update for MozillaFirefox (Important)	2021-01-12
oval:org.opensuse.security:def:25981	P	Security update for PackageKit (Low)	2020-12-22
oval:org.opensuse.security:def:32835	P	Security update for MozillaFirefox (Critical)	2020-12-21
oval:org.opensuse.security:def:35712	P	gpg2-2.0.9-25.33.27.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35910	P	gpg2-2.0.9-25.33.31.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35559	P	gpg2-2.0.9-25.25.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:41966	P	gpg2-2.0.9-25.25.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:32000	P	Security update for python-setuptools (Important)	2020-12-02
oval:org.opensuse.security:def:31039	P	Security update for kdelibs3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31394	P	Security update for patch (Important)	2020-12-01
oval:org.opensuse.security:def:32321	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:26559	P	gpg2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31490	P	Security update for python (Important)	2020-12-01
oval:org.opensuse.security:def:25789	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:26677	P	clamav on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31377	P	Security update for openssl1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31595	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:25740	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26236	P	Security update for libvpx (Moderate)	2020-12-01
oval:org.opensuse.security:def:25840	P	Security update for libvirt (Moderate)	2020-12-01
oval:org.opensuse.security:def:25186	P	Security update for ruby2.1 (Important)	2020-12-01
oval:org.opensuse.security:def:25886	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:26407	P	Security update for libmad (Moderate)	2020-12-01
oval:org.opensuse.security:def:32524	P	gpg2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25275	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25605	P	Security update for MozillaFirefox (Moderate)	2020-12-01
oval:org.opensuse.security:def:32638	P	bind on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25461	P	Security update for cpio (Moderate)	2020-12-01
oval:org.opensuse.security:def:25745	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:31846	P	Security update for clamav (Important)	2020-12-01
oval:org.opensuse.security:def:25689	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25893	P	Security update for gstreamer-0_10-plugins-base (Moderate)	2020-12-01
oval:org.opensuse.security:def:31790	P	Security update for MozillaFirefox (Moderate)	2020-12-01
oval:org.opensuse.security:def:31113	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31831	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:32360	P	Security update for strongswan (Moderate)	2020-12-01
oval:org.opensuse.security:def:31547	P	Security update for sblim-sfcb (Moderate)	2020-12-01
oval:org.opensuse.security:def:25828	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:26712	P	gpg2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31378	P	Security update for openssl1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25942	P	Security update for gstreamer-0_10-plugins-bad (Moderate)	2020-12-01
oval:org.opensuse.security:def:26874	P	compat-libldap-2_3-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31824	P	Security update for bash (Low)	2020-12-01
oval:org.opensuse.security:def:26465	P	Security update for enigmail (Moderate)	2020-12-01
oval:org.opensuse.security:def:25110	P	Security update for java-1_8_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:25314	P	Security update for python3 (Important)	2020-12-01
oval:org.opensuse.security:def:26421	P	Security update for hdf5 (Important)	2020-12-01
oval:org.opensuse.security:def:25339	P	Security update for openldap2 (Important)	2020-12-01
oval:org.opensuse.security:def:31781	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:32677	P	gpg2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25472	P	Security update for apache2-mod_perl (Moderate)	2020-12-01
oval:org.opensuse.security:def:25802	P	Recommended update for LibreOffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:31895	P	Security update for MozillaFirefox, mozilla-nspr (Important)	2020-12-01
oval:org.opensuse.security:def:25690	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:25974	P	Security update for gimp (Moderate)	2020-12-01
oval:org.opensuse.security:def:32043	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32426	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:31027	P	Security update for java-1_7_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:31987	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:32382	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:25842	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31389	P	Security update for orca (Moderate)	2020-12-01
oval:org.opensuse.security:def:26909	P	gpg2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31916	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:27103	P	curl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25111	P	Security update for openssl-1_0_0 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25395	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:26319	P	Security update for kde-cli-tools5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31847	P	Security update for clamav (Moderate)	2020-12-01
oval:org.opensuse.security:def:25263	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:25467	P	Security update for ucode-intel (Important)	2020-12-01
oval:org.opensuse.security:def:26266	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31803	P	Security update for amanda (Moderate)	2020-12-01
oval:org.opensuse.security:def:25536	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:31481	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:31934	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:32874	P	gpg2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25701	P	Security update for libexif (Moderate)	2020-12-01
oval:org.opensuse.security:def:31028	P	Security update for java-1_7_0-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:26524	P	apache2-mod_php5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31398	P	Security update for perl (Moderate)	2020-12-01
oval:org.opensuse.security:def:31463	P	Security update for postgresql94 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25687	P	Security update for bluez (Important)	2020-12-01
oval:org.opensuse.security:def:25995	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:31973	P	Security update for jakarta-taglibs-standard (Important)	2020-12-01
oval:org.opensuse.security:def:27138	P	gpg2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25122	P	Security update for ghostscript (Important)	2020-12-01
oval:org.opensuse.security:def:25452	P	Security update for libssh2_org (Moderate)	2020-12-01
oval:org.opensuse.security:def:26368	P	Security update for irssi (Moderate)	2020-12-01
oval:org.opensuse.security:def:32485	P	PolicyKit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25264	P	Security update for memcached (Moderate)	2020-12-01
oval:org.opensuse.security:def:25548	P	Security update for ceph (Important)	2020-12-01
oval:org.opensuse.security:def:25460	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:25664	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:31956	P	Security update for gtk2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25765	P	Security update for Adobe Flash Player (Important)	2020-12-01

BACK