exploits , vulnerabilities , articles , GnuPG ElGamal Signing Key Private Key Compromise Vulnerability

Title	GnuPG ElGamal Signing Key Private Key Compromise Vulnerability
Published	2003-11-27-12:00AM
Updated	2004-03-03-04:52PM
Class	Design Error
CVE	CAN-2003-0971
Remote	Yes
Local	No
Credit	Discovery of this issue is credited to Phong Q. Nguyen.
Vulnerable	SGI ProPack 2.4 SGI ProPack 2.3 RedHat gnupg1.2.13.i386.rpm RedHat Linux 9.0 i386 RedHat gnupg1.0.76.i386.rpm RedHat Linux 8.0 i386 RedHat gnupg1.0.65.i386.rpm RedHat Linux 7.3 i386 RedHat gnupg1.0.63.ia64.rpm RedHat Linux 7.2 ia64 RedHat gnupg1.0.63.i386.rpm RedHat Linux 7.2 i386 RedHat gnupg1.0.411.i386.rpm RedHat Linux 7.1 i386 GNU GNU Privacy Guard 1.2.3 Conectiva Linux 9.0 MandrakeSoft Linux Mandrake 9.2 Turbolinux Turbolinux Desktop 10.0 GNU GNU Privacy Guard 1.2.2 rc1 S.u.S.E. Linux Personal 8.2 GNU GNU Privacy Guard 1.2.2 r1 Gentoo Linux 1.4 _rc1 Gentoo Linux 1.4 _rc2 Gentoo Linux 1.4 _rc3 GNU GNU Privacy Guard 1.2.2 Caldera OpenLinux Server 3.1.1 Caldera OpenLinux Workstation 3.1.1 MandrakeSoft Linux Mandrake 9.1 MandrakeSoft Linux Mandrake 9.1 ppc GNU GNU Privacy Guard 1.2.1 Conectiva Linux 9.0 OpenPKG OpenPKG 1.2 RedHat Linux 9.0 i386 Terra Soft Solutions Yellow Dog Linux 3.0 GNU GNU Privacy Guard 1.2 GNU GNU Privacy Guard 1.0.7 Conectiva Linux 7.0 Conectiva Linux 8.0 MandrakeSoft Corporate Server 2.1 MandrakeSoft Corporate Server 2.1 x86_64 MandrakeSoft gnupg1.0.73.1mdk.i586.rpm MandrakeSoft Linux Mandrake 8.2 MandrakeSoft Linux Mandrake 8.2 ppc MandrakeSoft Linux Mandrake 9.0 MandrakeSoft Multi Network Firewall 2.0 OpenPKG OpenPKG 1.1 RedHat Enterprise Linux AS 2.1 RedHat Enterprise Linux AS 2.1 IA64 RedHat Enterprise Linux ES 2.1 RedHat Enterprise Linux ES 2.1 IA64 RedHat Enterprise Linux WS 2.1 RedHat Enterprise Linux WS 2.1 IA64 RedHat Linux 7.1 i386 RedHat Linux 7.2 i386 RedHat Linux 7.2 ia64 RedHat Linux 7.3 i386 RedHat Linux 8.0 i386 RedHat Linux Advanced Work Station 2.1 Sun Linux 5.0.5 Turbolinux Turbolinux Server 6.1 Turbolinux Turbolinux Server 6.5 Turbolinux Turbolinux Server 7.0 Turbolinux Turbolinux Server 8.0 Turbolinux Turbolinux Workstation 6.0 Turbolinux Turbolinux Workstation 7.0 Turbolinux Turbolinux Workstation 8.0 GNU GNU Privacy Guard 1.0.6 Debian Linux 3.0 Debian Linux 3.0 alpha Debian Linux 3.0 arm Debian Linux 3.0 hppa Debian Linux 3.0 ia32 Debian Linux 3.0 ia64 Debian Linux 3.0 m68k Debian Linux 3.0 mips Debian Linux 3.0 mipsel Debian Linux 3.0 ppc Debian Linux 3.0 s/390 Debian Linux 3.0 sparc GNU GNU Privacy Guard 1.0.5 Caldera OpenLinux 2.3 Caldera OpenLinux 2.4 Caldera OpenLinux eBuilder 3.0 Conectiva Linux ecommerce Conectiva Linux graficas Conectiva Linux 4.0 Conectiva Linux 4.0 es Conectiva Linux 4.1 Conectiva Linux 4.2 Conectiva Linux 5.0 Conectiva Linux 5.1 Conectiva Linux 6.0 Debian Linux 2.2 Debian Linux 2.2 68k Debian Linux 2.2 alpha Debian Linux 2.2 arm Debian Linux 2.2 powerpc Debian Linux 2.2 sparc Immunix Immunix OS 6.2 Immunix Immunix OS 7.0 Immunix Immunix OS 7.0 beta MandrakeSoft Corporate Server 1.0.1 MandrakeSoft Linux Mandrake 7.1 MandrakeSoft Linux Mandrake 7.2 MandrakeSoft Linux Mandrake 8.0 MandrakeSoft Linux Mandrake 8.0 ppc MandrakeSoft Linux Mandrake 8.1 Microsoft Windows 95 Microsoft Windows 98 Microsoft Windows ME RedHat Linux 6.2 RedHat Linux 6.2 alpha RedHat Linux 6.2 i386 RedHat Linux 6.2 sparc RedHat Linux 7.0 RedHat Linux 7.0 alpha RedHat Linux 7.0 i386 RedHat Linux 7.1 RedHat Linux 7.1 i386 S.u.S.E. Linux 6.3 S.u.S.E. Linux 6.4 S.u.S.E. Linux 7.0 S.u.S.E. Linux 7.1 Trustix Secure Linux 1.1 Trustix Secure Linux 1.2 GNU GNU Privacy Guard 1.0.4 Turbolinux Turbolinux 6.0.5 Turbolinux Turbolinux Server 6.5 Turbolinux Turbolinux Workstation 6.1 GNU GNU Privacy Guard 1.0.3 b GNU GNU Privacy Guard 1.0.3 GNU GNU Privacy Guard 1.0.2
Not Vulnerable
Code	The vendor has reported that there is a practical attack which will compromise private keys and all ElGamal signing keys that have been generated with vulnerable versions of the software should be considered compromised.
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-17 Zen Cart Insecure File and Programs Information Disclosure and Database Deletion Vulnerability
• 2009-12-17 Winamp Module Decoder Plugin Multiple Buffer Overflow Vulnerabilities
• 2009-12-17 Winamp JPEG and PNG Multiple Integer Overflow Vulnerabilities
• 2009-12-17 HP OpenView Storage Data Protector Stack Buffer Overflow Vulnerability
• 2009-12-17 IBM WebSphere Application Server Feature Pack for CEA Spoofing Vulnerability
• 2009-12-17 Digital Scribe Cross Site Scripting and SQL Injection Vulnerabilities
• 2009-12-17 WP-Forum WordPress Plugin Multiple SQL Injection Vulnerabilities
• 2009-12-17 Quick Heal AntiVirus Insecure Program File Permissions Local Privilege Escalation Vulnerability
• 2009-12-17 IntelliCom NetBiter webSCADA Multiple Default Password Security Bypass Vulnerabilities
• 2009-12-17 Webmatic Multiple Unspecified SQL Injection and Cross-Site Scripting Vulnerabilities

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Fri, 18 Dec 2009 11:59:35 +0000