FreeBSD : ElGamal sign+encrypt keys created by GnuPG can be compromised (81313647-2d03-11d8-9355-0020ed76ef5a)

medium Nessus Plugin ID 36752

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Any ElGamal sign+encrypt keys created by GnuPG contain a cryptographic weakness that may allow someone to obtain the private key. These keys should be considered unusable and should be revoked.

The following summary was written by Werner Koch, GnuPG author:

Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal keys for signing. This is a significant security failure which can lead to a compromise of almost all ElGamal keys used for signing.
Note that this is a real world vulnerability which will reveal your private key within a few seconds.

...

Please take immediate action and revoke your ElGamal signing keys.
Furthermore you should take whatever measures necessary to limit the damage done for signed or encrypted documents using that key.

Note that the standard keys as generated by GnuPG (DSA and ElGamal encryption) as well as RSA keys are NOT vulnerable. Note also that ElGamal signing keys cannot be generated without the use of a special flag to enable hidden options and even then overriding a warning message about this key type. See below for details on how to identify vulnerable keys.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?a8149f9b

http://www.nessus.org/u?e4c18118

Plugin Details

Severity: Medium

ID: 36752

File Name: freebsd_pkg_813136472d0311d893550020ed76ef5a.nasl

Version: 1.11

Type: local

Published: 4/23/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:gnupg, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 12/12/2003

Vulnerability Publication Date: 11/27/2003

Reference Information

CVE: CVE-2003-0971