Mandrake Linux Security Advisory : gnupg (MDKSA-2005:057)

medium Nessus Plugin ID 17334

Synopsis

The remote Mandrake Linux host is missing a security update.

Description

The OpenPGP protocol is vulnerable to a timing attack that can be used to recover plaintext from ciphertext. The timing difference appears as a side effect of the so-called 'quick scan' and is only exploitable on systems that accept an arbitrary amount of ciphertext for automatic decryption.

The updated packages have been patched to disable the quick check for all public-key-encrypted messages and files.

Solution

Update the affected gnupg package.

See Also

http://www.pgp.com/library/ctocorner/openpgp.html

Plugin Details

Severity: Medium

ID: 17334

File Name: mandrake_MDKSA-2005-057.nasl

Version: 1.17

Type: local

Published: 3/16/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:gnupg, cpe:/o:mandrakesoft:mandrake_linux:10.0, cpe:/o:mandrakesoft:mandrake_linux:10.1, cpe:/o:mandrakesoft:mandrake_linux:9.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 3/15/2005

Reference Information

CVE: CVE-2005-0366

CERT: 303094

MDKSA: 2005:057