FreeBSD Local Security Checks : FreeBSD Ports: gnupg

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52533

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: gnupg

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: gnupg

CVE-2003-0971
GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal
sign+encrypt keys using the same key component for encryption as for
signing, which allows attackers to determine the private key from a
signature.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2003-0971
BugTraq ID: 9115
http://www.securityfocus.com/bid/9115
Bugtraq: 20031127 GnuPG's ElGamal signing keys compromised (Google Search)
http://marc.info/?l=bugtraq&m=106995769213221&w=2
CERT/CC vulnerability note: VU#940388
http://www.kb.cert.org/vuls/id/940388
Conectiva Linux advisory: CLA-2003:798
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000798
Debian Security Information: DSA-429 (Google Search)
http://www.debian.org/security/2004/dsa-429
http://www.mandriva.com/security/advisories?name=MDKSA-2003:109
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10982
http://www.redhat.com/support/errata/RHSA-2003-390.html
http://www.redhat.com/support/errata/RHSA-2003-395.html
http://secunia.com/advisories/10304
http://secunia.com/advisories/10349
http://secunia.com/advisories/10399
http://secunia.com/advisories/10400
SGI Security Advisory: 20040202-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
SuSE Security Announcement: SuSE-SA:2003:048 (Google Search)
http://www.novell.com/linux/security/advisories/2003_048_gpg.html

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52533
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: gnupg
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: gnupg CVE-2003-0971 GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal sign+encrypt keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0971 BugTraq ID: 9115 http://www.securityfocus.com/bid/9115 Bugtraq: 20031127 GnuPG's ElGamal signing keys compromised (Google Search) http://marc.info/?l=bugtraq&m=106995769213221&w=2 CERT/CC vulnerability note: VU#940388 http://www.kb.cert.org/vuls/id/940388 Conectiva Linux advisory: CLA-2003:798 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000798 Debian Security Information: DSA-429 (Google Search) http://www.debian.org/security/2004/dsa-429 http://www.mandriva.com/security/advisories?name=MDKSA-2003:109 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10982 http://www.redhat.com/support/errata/RHSA-2003-390.html http://www.redhat.com/support/errata/RHSA-2003-395.html http://secunia.com/advisories/10304 http://secunia.com/advisories/10349 http://secunia.com/advisories/10399 http://secunia.com/advisories/10400 SGI Security Advisory: 20040202-01-U ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc SuSE Security Announcement: SuSE-SA:2003:048 (Google Search) http://www.novell.com/linux/security/advisories/2003_048_gpg.html
Copyright	Copyright (C) 2008 E-Soft Inc.