CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
EPSS
Percentile
5.3%
Yarom and Falkner discovered that RSA secret keys in applications using GnuPG 1.x, and using the libgcrypt library, could be leaked via a side channel attack, where a malicious local user could obtain private key information from another user on the system (CVE-2013-4242).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 2 | noarch | gnupg | < 1.4.12-1.2 | gnupg-1.4.12-1.2.mga2 |
Mageia | 2 | noarch | libgcrypt | < 1.5.0-2.1 | libgcrypt-1.5.0-2.1.mga2 |
Mageia | 3 | noarch | gnupg | < 1.4.14-1 | gnupg-1.4.14-1.mga3 |
Mageia | 3 | noarch | libgcrypt | < 1.5.3-1 | libgcrypt-1.5.3-1.mga3 |
eprint.iacr.org/2013/448
lists.gnupg.org/pipermail/gnupg-announce/2013q3/000329.html
lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html
www.debian.org/security/2013/dsa-2730
www.debian.org/security/2013/dsa-2731
www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:205/
bugs.mageia.org/show_bug.cgi?id=10850