5

CVE-2003-0971

GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuPrivacy Guard Version1.0.2
GnuPrivacy Guard Version1.0.3
GnuPrivacy Guard Version1.0.3b
GnuPrivacy Guard Version1.0.4
GnuPrivacy Guard Version1.0.5
GnuPrivacy Guard Version1.0.6
GnuPrivacy Guard Version1.0.7
GnuPrivacy Guard Version1.2
GnuPrivacy Guard Version1.2.1
GnuPrivacy Guard Version1.2.2
GnuPrivacy Guard Version1.2.2 Updaterc1
GnuPrivacy Guard Version1.2.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.85% 0.849
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000798
http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html
Patch
Vendor Advisory
http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000277.html
Patch
http://marc.info/?l=bugtraq&m=106995769213221&w=2
http://secunia.com/advisories/10304
http://secunia.com/advisories/10349
http://secunia.com/advisories/10399
http://secunia.com/advisories/10400
http://www.debian.org/security/2004/dsa-429
http://www.kb.cert.org/vuls/id/940388
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2003:109
http://www.novell.com/linux/security/advisories/2003_048_gpg.html
http://www.redhat.com/support/errata/RHSA-2003-390.html
http://www.redhat.com/support/errata/RHSA-2003-395.html
http://www.securityfocus.com/bid/9115
Patch
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10982