2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
GnuPG is vulnerable to side-channel attacks. An attacker in close physical range to the target system is able to decrypt ciphertexts using acoustic cryptanalysis to recover the RSA secret key belonging to the system.
CPE | Name | Operator | Version |
---|---|---|---|
gnupg | eq | 1.4.5__14.el5_5.1 |
lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html
osvdb.org/101170
rhn.redhat.com/errata/RHSA-2014-0016.html
seclists.org/oss-sec/2013/q4/520
seclists.org/oss-sec/2013/q4/523
www.cs.tau.ac.il/~tromer/acoustic/
www.debian.org/security/2013/dsa-2821
www.securityfocus.com/bid/64424
www.securitytracker.com/id/1029513
www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf
www.ubuntu.com/usn/USN-2059-1
access.redhat.com/security/updates/classification/#moderate
exchange.xforce.ibmcloud.com/vulnerabilities/89846
rhn.redhat.com/errata/RHSA-2014-0016.html