Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-429
HistoryJan 26, 2004 - 12:00 a.m.

gnupg - cryptographic weakness

2004-01-2600:00:00
Google
osv.dev
11

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

Phong Nguyen identified a severe bug in the way GnuPG creates and uses
ElGamal keys for signing. This is a significant security failure
which can lead to a compromise of almost all ElGamal keys used for
signing.

This update disables the use of this type of key.

For the current stable distribution (woody) this problem has been
fixed in version 1.0.6-4woody1.

For the unstable distribution, this problem has been fixed in version
1.2.4-1.

We recommend that you update your gnupg package.

Related

nessus 6
debian 2
redhat 1
cve 1
cert 1
freebsd 1
openvas 8
gentoo 1
suse 1
packetstorm 1
securityvulns 1
nessus
nessus
Mandrake Linux Security Advisory : gnupg (MDKSA-2003:109)
2004-07-31 00:00:00
RHEL 2.1 / 3 : gnupg (RHSA-2003:395)
2004-07-06 00:00:00
FreeBSD : ElGamal sign+encrypt keys created by GnuPG can be compromised (61)
2004-07-06 00:00:00
debian
debian
[SECURITY] [DSA 429-2] New gnupg packages fix cryptographic weakness
2004-02-14 03:43:07
[SECURITY] [DSA 429-1] New gnupg packages fix cryptographic weakness in ElGamal signing keys
2004-01-27 00:41:07
redhat
redhat
(RHSA-2003:395) gnupg security update
2003-12-10 00:00:00
cve
cve
CVE-2003-0971
2003-12-15 05:00:00
cert
cert
GnuPG creates ElGamal keys for signing using insufficient entropy
2003-12-29 00:00:00
freebsd
freebsd
ElGamal sign+encrypt keys created by GnuPG can be compromised
2003-11-27 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200312-05 (GnuPG)
2008-09-24 00:00:00
Debian Security Advisory DSA 429-2 (gnupg)
2008-01-17 00:00:00
Debian Security Advisory DSA 429-2 (gnupg)
2008-01-17 00:00:00
gentoo
gentoo
GnuPG: ElGamal signing keys compromised and format string vulnerability
2003-12-12 00:00:00
suse
suse
cryptographic compromise, remote cmd execution in gpg
2003-12-03 14:20:12
packetstorm
packetstorm
_BSSADV-0000.txt
2003-12-01 00:00:00
securityvulns
securityvulns
Multiple Remote Issues in Applied Watch IDS Suite (advisory attached)
2003-11-29 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON
Related for OSV:DSA-429
nessus6debian2redhat1cve1cert1freebsd1openvas8gentoo1suse1packetstorm1securityvulns1