Ubuntu Security Notice (C) 2005-2016 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
The remote Ubuntu host is missing a security-related patch.
Serge Mister and Robert Zuccherato discovered a weakness of the
symmetrical encryption algorithm of gnupg. When decrypting a message,
gnupg uses a feature called 'quick scan'; this can quickly check
whether the key that is used for decryption is (probably) the right
one, so that wrong keys can be determined quickly without decrypting
the whole message.
A failure of the quick scan will be determined much faster than a
successful one. Mister/Zuccherato demonstrated that this timing
difference can be exploited to an attack which allows an attacker to
decrypt parts of an encrypted message if an 'oracle' is available, i.
e. an automatic system that receives random encrypted messages from
the attacker and answers whether it passes the quick scan check.
However, since the attack requires a huge amount of oracle answers
(about 32.000 for every 16 bytes of ciphertext), this attack is mostly
theoretical. It does not have any impact on human operation of gnupg
and is not believed to be exploitable in practice.
The updated packages disable the quick check, which renders this
timing attack impossible.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
Update the affected gnupg package.
Risk factor :
Medium / CVSS Base Score : 5.0