49 matches found
Medium: gnupg
Issue Overview: GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. Affected Packages: gnupg Issue Correction: Run yum update gnu...
CVE-2013-4242
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload...
Design/Logic Flaw
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload...
CVE-2013-4242
CVE-2013-4242 affects GnuPG before 1.4.14 and Libgcrypt before 1.5.3 (as used in GnuPG 2.0.x), enabling a local user to obtain private RSA keys via a cache side-channel (Flush+Reload) on the L3 cache. The root cause is a cache side-channel leak in the RSA key handling within GnuPG/Libgcrypt. Docu...
Ubuntu Update for gnupg USN-1923-1
Check for the Version of gnupg OpenVAS Vulnerability Test $Id: gbubuntuUSN19231.nasl 8542 2018-01-26 06:57:28Z teissa $ Ubuntu Update for gnupg USN-1923-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; y...
USN-1923-1: GnuPG, Libgcrypt vulnerability
Yuval Yarom and Katrina Falkner discovered a timing-based information leak, known as Flush+Reload, that could be used to trace execution in programs. GnuPG and Libgcrypt followed different execution paths based on key-related data, which could be used to expose the contents of private keys...
Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : gnupg, libgcrypt11 vulnerability (USN-1923-1)
Yuval Yarom and Katrina Falkner discovered a timing-based information leak, known as Flush+Reload, that could be used to trace execution in programs. GnuPG and Libgcrypt followed different execution paths based on key-related data, which could be used to expose the contents of private keys. Note...
FreeBSD : gnupg -- side channel attack on RSA secret keys (80771b89-f57b-11e2-bf21-b499baab0cbe)
A Yarom and Falkner paper reports : Flush+Reload is a cache side-channel attack that monitors access to data in shared pages. In this paper we demonstrate how to use the attack to extract private encryption keys from GnuPG. The high resolution and low noise of the Flush+Reload attack enables a sp...
gnupg -- side channel attack on RSA secret keys
A Yarom and Falkner paper reports: Flush+Reload is a cache side-channel attack that monitors access to data in shared pages. In this paper we demonstrate how to use the attack to extract private encryption keys from GnuPG. The high resolution and low noise of the Flush+Reload attack enables a spy...