Lucene search

[email protected]CVE-2001-0072

HistoryFeb 12, 2001 - 5:00 a.m.

CVE-2001-0072

2001-02-1205:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

gnupg

public keys

private keys

trust breach

attacker

nvd

cve-2001-0072

6.7 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

60.5%

JSON

gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.

CPENameOperatorVersion
gnu:privacy_guardgnu privacy guardeq1.0.3
gnu:privacy_guardgnu privacy guardeq1.0
gnu:privacy_guardgnu privacy guardeq1.0.2
gnu:privacy_guardgnu privacy guardeq1.0.1
gnu:privacy_guardgnu privacy guardeq1.0.3b

CPE	Name	Operator	Version
gnu:privacy_guard	gnu privacy guard	eq	1.0.3
gnu:privacy_guard	gnu privacy guard	eq	1.0
gnu:privacy_guard	gnu privacy guard	eq	1.0.2
gnu:privacy_guard	gnu privacy guard	eq	1.0.1
gnu:privacy_guard	gnu privacy guard	eq	1.0.3b

References

distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000368

www.debian.org/security/2000/20001225b

www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3

www.osvdb.org/1702

www.redhat.com/support/errata/RHSA-2000-131.html

www.securityfocus.com/archive/1/152197

www.securityfocus.com/bid/2153

exchange.xforce.ibmcloud.com/vulnerabilities/5803

6.7 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

60.5%

JSON

Related for CVE-2001-0072

nessus1