Mandrake Linux Security Advisory : gnupg (MDKSA-2000:087)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing a security update.

Description :

When importing keys from public key servers, GnuPG will import private
keys (also known as secret keys) in addition to public keys. If this
happens, the user's web of trust becomes corrupt. Additionally, when
used to check detached signatures, if the data file being checked
contains clearsigned data, GnuPG will not warn the user if the
detached signature is incorrect.

Solution :

Update the affected gnupg package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 61873 ()

Bugtraq ID:

CVE ID: CVE-2001-0071
CVE-2001-0072

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now