ID de Prueba:	1.3.6.1.4.1.25623.1.0.51871
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2005:057 (gnupg)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to gnupg announced via advisory MDKSA-2005:057. The OpenPGP protocol is vulnerable to a timing-attack in order to gain plain text from cipher text. The timing difference appears as a side effect of the so-called quick scan and is only exploitable on systems that accept an arbitrary amount of cipher text for automatic decryption. The updated packages have been patched to disable the quick check for all public key-encrypted messages and files. Affected versions: 10.0, 10.1, 9.2, Corporate 3.0, Corporate Server 2.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:057 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0366 http://www.kb.cert.org/vuls/id/303094 http://www.pgp.com/library/ctocorner/openpgp.html Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	BugTraq ID: 12529 Common Vulnerability Exposure (CVE) ID: CVE-2005-0366 http://www.securityfocus.com/bid/12529 CERT/CC vulnerability note: VU#303094 http://www.kb.cert.org/vuls/id/303094 http://www.gentoo.org/security/en/glsa/glsa-200503-29.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:057 http://eprint.iacr.org/2005/033 http://eprint.iacr.org/2005/033.pdf http://www.osvdb.org/13775 http://securitytracker.com/id?1013166 SuSE Security Announcement: SUSE-SR:2005:007 (Google Search) http://www.novell.com/linux/security/advisories/2005_07_sr.html
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.