Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2003-0971
HistoryDec 15, 2003 - 5:00 a.m.

CVE-2003-0971

2003-12-1505:00:00
[email protected]
web.nvd.nist.gov
5

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.012

Percentile

85.5%

JSON

GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature.

Affected configurations

Nvd
Node
gnuprivacy_guardMatch1.0.2
OR
gnuprivacy_guardMatch1.0.3
OR
gnuprivacy_guardMatch1.0.3b
OR
gnuprivacy_guardMatch1.0.4
OR
gnuprivacy_guardMatch1.0.5
OR
gnuprivacy_guardMatch1.0.6
OR
gnuprivacy_guardMatch1.0.7
OR
gnuprivacy_guardMatch1.2
OR
gnuprivacy_guardMatch1.2.1
OR
gnuprivacy_guardMatch1.2.2
OR
gnuprivacy_guardMatch1.2.2rc1
OR
gnuprivacy_guardMatch1.2.3

References

Related

osv 1
openvas 8
gentoo 1
nessus 6
cvelist 1
freebsd 1
redhat 1
cert 1
cve 1
suse 1
debian 2
securityvulns 1
packetstorm 1
osv
osv
gnupg - cryptographic weakness
2004-01-26 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200312-05 (GnuPG)
2008-09-24 00:00:00
Debian Security Advisory DSA 429-1 (gnupg)
2008-01-17 00:00:00
FreeBSD Ports: gnupg
2008-09-04 00:00:00
gentoo
gentoo
GnuPG: ElGamal signing keys compromised and format string vulnerability
2003-12-12 00:00:00
nessus
nessus
FreeBSD : ElGamal sign+encrypt keys created by GnuPG can be compromised (81313647-2d03-11d8-9355-0020ed76ef5a)
2009-04-23 00:00:00
Mandrake Linux Security Advisory : gnupg (MDKSA-2003:109)
2004-07-31 00:00:00
FreeBSD : ElGamal sign+encrypt keys created by GnuPG can be compromised (61)
2004-07-06 00:00:00
cvelist
cvelist
CVE-2003-0971
2003-12-02 05:00:00
freebsd
freebsd
ElGamal sign+encrypt keys created by GnuPG can be compromised
2003-11-27 00:00:00
redhat
redhat
(RHSA-2003:395) gnupg security update
2003-12-10 00:00:00
cert
cert
GnuPG creates ElGamal keys for signing using insufficient entropy
2003-12-29 00:00:00
cve
cve
CVE-2003-0971
2003-12-15 05:00:00
suse
suse
cryptographic compromise, remote cmd execution in gpg
2003-12-03 14:20:12
debian
debian
[SECURITY] [DSA 429-1] New gnupg packages fix cryptographic weakness in ElGamal signing keys
2004-01-27 00:41:07
[SECURITY] [DSA 429-2] New gnupg packages fix cryptographic weakness
2004-02-14 03:43:07
securityvulns
securityvulns
Multiple Remote Issues in Applied Watch IDS Suite (advisory attached)
2003-11-29 00:00:00
packetstorm
packetstorm
_BSSADV-0000.txt
2003-12-01 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.012

Percentile

85.5%

JSON
Related for NVD:CVE-2003-0971
osv1openvas8gentoo1nessus6cvelist1freebsd1redhat1cert1cve1suse1debian2securityvulns1packetstorm1