|Category:||Conectiva Local Security Checks|
|Title:||Conectiva Security Advisory CLA-2003:798|
|Summary:||Conectiva Security Advisory CLA-2003:798|
The remote host is missing updates announced in
GnuPG is an OpenPGP-compliant tool for secure communication used
to, for example, sign emails, encrypt, decrypt and verify (signed)
Phong Nguyen discovered a vulnerability (CVE-2003-0971) in the
way GnuPG deals with type 20 ElGamal sign+encrypt keys which allows
an attacker to recover the corresponding private key from a
signature. Other keys, such as ElGamal type 16 used only for
encryption, are not affected.
This is a serious vulnerability with immediate impact: all ElGamal
type 20 keys should be revoked and considered to be compromised, as
well as data signed or encrypted with such a key.
Please note that:
- by default, GnuPG does not generate this type of key
- in order to create an ElGamal type 20 key, one must (in recent
versions of GnuPG) add the --expert command line option, and even
then a warning is given saying that this key should not be used. In
older versions, only the warning is given.
To identify the vulnerable type 20 ElGamal keys, look for the G
identifier in a key listing such as the example below:
pub 2048G/xxxxxxxx 2001-01-05 John Doe
Other keys (including the ones identified by g, lower case) are not
The packages provided with this update have a patch created by
David Shaw which disables the creation of these keys and no longer
allows them to be used to create signatures.
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'
Risk factor : Medium
BugTraq ID: 9115|
Common Vulnerability Exposure (CVE) ID: CVE-2003-0971
Bugtraq: 20031127 GnuPG's ElGamal signing keys compromised (Google Search)
Conectiva Linux advisory: CLA-2003:798
SGI Security Advisory: 20040202-01-U
SuSE Security Announcement: SuSE-SA:2003:048 (Google Search)
Debian Security Information: DSA-429 (Google Search)
CERT/CC vulnerability note: VU#940388
|Copyright||Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com|
|This is only one of 40037 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.