Mandrake Linux Security Advisory : gnupg (MDKSA-2005:057)

Medium Nessus Plugin ID 17334


The remote Mandrake Linux host is missing a security update.


The OpenPGP protocol is vulnerable to a timing-attack in order to gain plain text from cipher text. The timing difference appears as a side effect of the so-called 'quick scan' and is only exploitable on systems that accept an arbitrary amount of cipher text for automatic decryption.

The updated packages have been patched to disable the quick check for all public key-encrypted messages and files.


Update the affected gnupg package.

See Also

Plugin Details

Severity: Medium

ID: 17334

File Name: mandrake_MDKSA-2005-057.nasl

Version: $Revision: 1.14 $

Type: local

Published: 2005/03/16

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:gnupg, cpe:/o:mandrakesoft:mandrake_linux:10.0, cpe:/o:mandrakesoft:mandrake_linux:10.1, cpe:/o:mandrakesoft:mandrake_linux:9.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2005/03/15

Reference Information

CVE: CVE-2005-0366

CERT: 303094

MDKSA: 2005:057