Lucene search
Copyright (C) 2008 E-Soft Inc.OPENVAS:136141256231053128HistoryJan 17, 2008 - 12:00 a.m.
Debian Security Advisory DSA 429-1 (gnupg)
2008-01-1700:00:00
Copyright (C) 2008 E-Soft Inc.
plugins.openvas.org
6
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.5
Confidence
Low
EPSS
0.012
Percentile
85.5%
The remote host is missing an update to gnupg announced via advisory DSA 429-1.
This VT has been merged into the VT
# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.53128");
script_version("2023-06-29T08:15:14+0000");
script_tag(name:"last_modification", value:"2023-06-29 08:15:14 +0000 (Thu, 29 Jun 2023)");
script_tag(name:"creation_date", value:"2008-01-17 22:41:51 +0100 (Thu, 17 Jan 2008)");
script_cve_id("CVE-2003-0971");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_name("Debian Security Advisory DSA 429-1 (gnupg)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2008 E-Soft Inc.");
script_family("Debian Local Security Checks");
script_xref(name:"URL", value:"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20429-1");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/9115");
script_tag(name:"insight", value:"Phong Nguyen identified a severe bug in the way GnuPG creates and uses
ElGamal keys for signing. This is a significant security failure
which can lead to a compromise of almost all ElGamal keys used for
signing.
This update disables the use of this type of key.
For the current stable distribution (woody) this problem has been
fixed in version 1.0.6-4woody1.
For the unstable distribution, this problem has been fixed in version
1.2.4-1.
We recommend that you update your gnupg package.");
script_tag(name:"summary", value:"The remote host is missing an update to gnupg announced via advisory DSA 429-1.
This VT has been merged into the VT 'Debian: Security Advisory (DSA-429)' (OID: 1.3.6.1.4.1.25623.1.0.53137).");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"deprecated", value:TRUE);
exit(0);
}
exit(66);Related
nessus
nessus
Mandrake Linux Security Advisory : gnupg (MDKSA-2003:109)
2004-07-31 00:00:00
FreeBSD : ElGamal sign+encrypt keys created by GnuPG can be compromised (81313647-2d03-11d8-9355-0020ed76ef5a)
2009-04-23 00:00:00
Debian DSA-429-1 : gnupg - cryptographic weakness
2004-09-29 00:00:00
openvas
openvas
FreeBSD Ports: gnupg
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200312-05 (GnuPG)
2008-09-24 00:00:00
FreeBSD Ports: gnupg
2008-09-04 00:00:00
osv
osv
gnupg - cryptographic weakness
2004-01-26 00:00:00
gentoo
gentoo
GnuPG: ElGamal signing keys compromised and format string vulnerability
2003-12-12 00:00:00
nvd
nvd
CVE-2003-0971
2003-12-15 05:00:00
cvelist
cvelist
CVE-2003-0971
2003-12-02 05:00:00
freebsd
freebsd
ElGamal sign+encrypt keys created by GnuPG can be compromised
2003-11-27 00:00:00
redhat
redhat
(RHSA-2003:395) gnupg security update
2003-12-10 00:00:00
cert
cert
GnuPG creates ElGamal keys for signing using insufficient entropy
2003-12-29 00:00:00
cve
cve
CVE-2003-0971
2003-12-15 05:00:00
debian
debian
suse
suse
cryptographic compromise, remote cmd execution in gpg
2003-12-03 14:20:12
securityvulns
securityvulns
packetstorm
packetstorm
_BSSADV-0000.txt
2003-12-01 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.5
Confidence
Low
EPSS
0.012
Percentile
85.5%
Related for OPENVAS:136141256231053128