Mandrake Linux Security Advisory : gnupg (MDKSA-2005:057)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing a security update.

Description :

The OpenPGP protocol is vulnerable to a timing-attack in order to gain
plain text from cipher text. The timing difference appears as a side
effect of the so-called 'quick scan' and is only exploitable on
systems that accept an arbitrary amount of cipher text for automatic
decryption.

The updated packages have been patched to disable the quick check for
all public key-encrypted messages and files.

See also :

http://www.pgp.com/library/ctocorner/openpgp.html

Solution :

Update the affected gnupg package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 17334 (mandrake_MDKSA-2005-057.nasl)

Bugtraq ID:

CVE ID: CVE-2005-0366

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now