Lucene search

K

Kaspersky LabKLA10174

HistoryOct 09, 2013 - 12:00 a.m.

KLA10174 SB vulnerability in GnuPG

2013-10-0900:00:00

Kaspersky Lab

threats.kaspersky.com

43

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.3

Confidence

Low

EPSS

0.004

Percentile

74.4%

Improper permissions work was found in GnuPG. By exploiting this vulnerability malicious users can bypass cryptographic protection. This vulnerability can be exploited remotely via subkey.

Original advisories

Related products

CVE list

CVE-2013-4351 high

Solution

Update to latest version

Impacts

SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

GnuPG 1.4 all versionsGnuPG 2.0 all versionsGnuPG 2.1 all versions

References

statistics.securelist.com/

threats.kaspersky.com/en/product/GnuPG-gpg/

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.3

Confidence

Low

EPSS

0.004

Percentile

74.4%

Related for KLA10174

ubuntucve1 f52 nessus24 cvelist1 openvas34 prion1 cve1 nvd1 debiancve1 securityvulns2 debian2 mageia1 fedora5 amazon2 osv3 ubuntu1 oraclelinux2 redhat2 centos2 gentoo1 veracode2