Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2003-0971
HistoryDec 15, 2003 - 5:00 a.m.

CVE-2003-0971

2003-12-1505:00:00
mitre
web.nvd.nist.gov
30
2
cve
gnupg
gpg
elgamal
encryption
signature
private key

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.1

Confidence

Low

EPSS

0.012

Percentile

85.5%

JSON

GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature.

Affected configurations

Nvd
Node
gnuprivacy_guardMatch1.0.2
OR
gnuprivacy_guardMatch1.0.3
OR
gnuprivacy_guardMatch1.0.3b
OR
gnuprivacy_guardMatch1.0.4
OR
gnuprivacy_guardMatch1.0.5
OR
gnuprivacy_guardMatch1.0.6
OR
gnuprivacy_guardMatch1.0.7
OR
gnuprivacy_guardMatch1.2
OR
gnuprivacy_guardMatch1.2.1
OR
gnuprivacy_guardMatch1.2.2
OR
gnuprivacy_guardMatch1.2.2rc1
OR
gnuprivacy_guardMatch1.2.3
VendorProductVersionCPE
gnuprivacy_guard1.2.2cpe:/a:gnu:privacy_guard:1.2.2:rc1::
gnuprivacy_guard1.0.3bcpe:/a:gnu:privacy_guard:1.0.3b:::
gnuprivacy_guard1.0.5cpe:/a:gnu:privacy_guard:1.0.5:::
gnuprivacy_guard1.2.3cpe:/a:gnu:privacy_guard:1.2.3:::
gnuprivacy_guard1.0.2cpe:/a:gnu:privacy_guard:1.0.2:::
gnuprivacy_guard1.2.2cpe:/a:gnu:privacy_guard:1.2.2:::
gnuprivacy_guard1.0.7cpe:/a:gnu:privacy_guard:1.0.7:::
gnuprivacy_guard1.2cpe:/a:gnu:privacy_guard:1.2:::
gnuprivacy_guard1.0.4cpe:/a:gnu:privacy_guard:1.0.4:::
gnuprivacy_guard1.2.1cpe:/a:gnu:privacy_guard:1.2.1:::
Rows per page:
1-10 of 121

References

Social References

More

Related

osv 1
openvas 8
gentoo 1
nvd 1
nessus 6
cvelist 1
cert 1
redhat 1
freebsd 1
suse 1
debian 2
securityvulns 1
packetstorm 1
osv
osv
gnupg - cryptographic weakness
2004-01-26 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200312-05 (GnuPG)
2008-09-24 00:00:00
Debian Security Advisory DSA 429-1 (gnupg)
2008-01-17 00:00:00
FreeBSD Ports: gnupg
2008-09-04 00:00:00
gentoo
gentoo
GnuPG: ElGamal signing keys compromised and format string vulnerability
2003-12-12 00:00:00
nvd
nvd
CVE-2003-0971
2003-12-15 05:00:00
nessus
nessus
FreeBSD : ElGamal sign+encrypt keys created by GnuPG can be compromised (81313647-2d03-11d8-9355-0020ed76ef5a)
2009-04-23 00:00:00
Mandrake Linux Security Advisory : gnupg (MDKSA-2003:109)
2004-07-31 00:00:00
FreeBSD : ElGamal sign+encrypt keys created by GnuPG can be compromised (61)
2004-07-06 00:00:00
cvelist
cvelist
CVE-2003-0971
2003-12-02 05:00:00
cert
cert
GnuPG creates ElGamal keys for signing using insufficient entropy
2003-12-29 00:00:00
redhat
redhat
(RHSA-2003:395) gnupg security update
2003-12-10 00:00:00
freebsd
freebsd
ElGamal sign+encrypt keys created by GnuPG can be compromised
2003-11-27 00:00:00
suse
suse
cryptographic compromise, remote cmd execution in gpg
2003-12-03 14:20:12
debian
debian
[SECURITY] [DSA 429-1] New gnupg packages fix cryptographic weakness in ElGamal signing keys
2004-01-27 00:41:07
[SECURITY] [DSA 429-2] New gnupg packages fix cryptographic weakness
2004-02-14 03:43:07
securityvulns
securityvulns
Multiple Remote Issues in Applied Watch IDS Suite (advisory attached)
2003-11-29 00:00:00
packetstorm
packetstorm
_BSSADV-0000.txt
2003-12-01 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.1

Confidence

Low

EPSS

0.012

Percentile

85.5%

JSON
Related for CVE-2003-0971
osv1openvas8gentoo1nvd1nessus6cvelist1cert1redhat1freebsd1suse1debian2securityvulns1packetstorm1