Ubuntu 4.10 / 5.04 : gnupg vulnerability (USN-170-1)

Ubuntu Security Notice (C) 2005-2016 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Serge Mister and Robert Zuccherato discovered a weakness of the
symmetrical encryption algorithm of gnupg. When decrypting a message,
gnupg uses a feature called 'quick scan'
this can quickly check
whether the key that is used for decryption is (probably) the right
one, so that wrong keys can be determined quickly without decrypting
the whole message.

A failure of the quick scan will be determined much faster than a
successful one. Mister/Zuccherato demonstrated that this timing
difference can be exploited to an attack which allows an attacker to
decrypt parts of an encrypted message if an 'oracle' is available, i.
e. an automatic system that receives random encrypted messages from
the attacker and answers whether it passes the quick scan check.

However, since the attack requires a huge amount of oracle answers
(about 32.000 for every 16 bytes of ciphertext), this attack is mostly
theoretical. It does not have any impact on human operation of gnupg
and is not believed to be exploitable in practice.

The updated packages disable the quick check, which renders this
timing attack impossible.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected gnupg package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 20577 ()

Bugtraq ID:

CVE ID: CVE-2005-0366

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial