How to Buy
This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
The remote Amazon Linux AMI host is missing a security update.
GnuPG 1.x before 1.4.16 generates RSA keys using sequences of
introductions with certain patterns that introduce a side channel,
which allows physically proximate attackers to extract RSA keys via a
chosen-ciphertext attack and acoustic cryptanalysis during decryption.
NOTE: applications are not typically expected to protect themselves
from acoustic side-channel attacks, since this is arguably the
responsibility of the physical device. Accordingly, issues of this
type would not normally receive a CVE identifier. However, for this
issue, the developer has specified a security policy in which GnuPG
should offer side-channel resistance, and developer-specified
security-policy violations are within the scope of CVE.
See also :
Run 'yum update gnupg' to update your system.
Risk factor :
Low / CVSS Base Score : 2.1
Family: Amazon Linux Local Security Checks
Nessus Plugin ID: 72296 ()
CVE ID: CVE-2013-4576
Nessus Professional: Scan unlimited IPs, run compliance checks & moreNessus Cloud: The power of Nessus for teams – from the cloud
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.