Nessus Plugin #17616
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
[GLSA-200503-29] GnuPG: OpenPGP protocol attack
- Family:
- Gentoo Local Security Checks
- Category:
- infos
- Copyright:
- (C) 2005 Michel Arboi
- Summary:
- GnuPG: OpenPGP protocol attack
- Version:
- $Revision: 1.1 $
- Cve_id:
- CAN-2005-0366
- Bugtraq_id:
- -
- Xrefs:
- GLSA:200503-29
- Description:
- The remote host is affected by the vulnerability described in GLSA-200503-29
(GnuPG: OpenPGP protocol attack)
A flaw has been identified in an integrity checking mechanism of
the OpenPGP protocol.
Impact
An automated system using GnuPG that allows an attacker to
repeatedly discover the outcome of an integrity check (perhaps by
observing the time required to return a response, or via overly verbose
error messages) could theoretically reveal a small portion of
plaintext.
Workaround
There is no known workaround at this time.
References:
http://www.kb.cert.org/vuls/id/303094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0366
Solution:
All GnuPG users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-crypt/gnupg-1.4.1"
Risk factor : Low
Generiert am 27.04.2005 um 18:49:54 Uhr.