Mandrake Linux Security Advisory : gnupg (MDKSA-2003:061)

critical Nessus Plugin ID 14044

Synopsis

The remote Mandrake Linux host is missing a security update.

Description

A bug was discovered in GnuPG versions 1.2.1 and earlier. When gpg evaluates trust values for the different UIDs assigned to a key, it incorrectly associates the trust value of the UID with the highest trust value with every other UID assigned to that key. As a result, no warning message is given when attempting to encrypt to an invalid UID; because of the bug, that UID is accepted as valid.

Patches have been applied for version 1.0.7 and all users are encouraged to upgrade.

Solution

Update the affected gnupg package.

See Also

http://lists.gnupg.org/pipermail/gnupg-announce/2003q2/000268.html

Plugin Details

Severity: Critical

ID: 14044

File Name: mandrake_MDKSA-2003-061.nasl

Version: 1.20

Type: local

Published: 7/31/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:gnupg, cpe:/o:mandrakesoft:mandrake_linux:8.2, cpe:/o:mandrakesoft:mandrake_linux:9.0, cpe:/o:mandrakesoft:mandrake_linux:9.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 5/22/2003

Reference Information

CVE: CVE-2003-0255

MDKSA: 2003:061