what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2013-4351

Status Candidate

Overview

GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey.

Related Files

Gentoo Linux Security Advisory 201402-24
Posted Feb 22, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201402-24 - Multiple vulnerabilities have been discovered in GnuPG and Libgcrypt, which may result in execution of arbitrary code, Denial of Service, or the disclosure of private keys. Versions less than 2.0.22 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-6085, CVE-2013-4242, CVE-2013-4351, CVE-2013-4402
SHA-256 | b179c24948b12fd20220e710cd0fc8df88dcb5a2e4985677436d991735781ae4
Red Hat Security Advisory 2013-1459-01
Posted Oct 24, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1459-01 - The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. A denial of service flaw was found in the way GnuPG parsed certain compressed OpenPGP packets. An attacker could use this flaw to send specially crafted input data to GnuPG, making GnuPG enter an infinite loop when parsing data. It was found that importing a corrupted public key into a GnuPG keyring database corrupted that keyring. An attacker could use this flaw to trick a local user into importing a specially crafted public key into their keyring database, causing the keyring to be corrupted and preventing its further use.

tags | advisory, denial of service, local
systems | linux, redhat
advisories | CVE-2012-6085, CVE-2013-4351, CVE-2013-4402
SHA-256 | 66f4f380227d5284e4fe726da477005d273d6e0b0babb21afcad548a7d3c4cc5
Red Hat Security Advisory 2013-1458-01
Posted Oct 24, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1458-01 - The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload cache side-channel attack on the RSA secret exponent. An attacker able to execute a process on the logical CPU that shared the L3 cache with the GnuPG process could possibly use this flaw to obtain portions of the RSA secret key.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-6085, CVE-2013-4242, CVE-2013-4351, CVE-2013-4402
SHA-256 | 4ed140d307f2bb993d4c7916c9f09e01858d795fc86538c67ede4581485941e0
Debian Security Advisory 2773-1
Posted Oct 11, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2773-1 - Two vulnerabilities were discovered in GnuPG, the GNU privacy guard, a free PGP replacement.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-4351, CVE-2013-4402
SHA-256 | e077ea3264c37bcd24fbc332abf425b7495d109a8d76e55af9da3f607195c663
Debian Security Advisory 2774-1
Posted Oct 11, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2774-1 - Two vulnerabilities were discovered in GnuPG 2, the GNU privacy guard, a free PGP replacement.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-4351, CVE-2013-4402
SHA-256 | 7bbc4f5dc7ed8480336fce6b2293b35a941d9c5286990097f3237cb526b79318
Mandriva Linux Security Advisory 2013-247
Posted Oct 10, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-247 - GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared as if it has all bits set, which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey. Special crafted input data may be used to cause a denial of service against GPG. GPG can be forced to recursively parse certain parts of OpenPGP messages ad infinitum. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2013-4351, CVE-2013-4402
SHA-256 | eb8b68dbe596e9a343773777e3107f217d9e0cde3797f3795ed8c6806caff422
Ubuntu Security Notice USN-1987-1
Posted Oct 9, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1987-1 - Daniel Kahn Gillmor discovered that GnuPG treated keys with empty usage flags as being valid for all usages. Taylor R Campbell discovered that GnuPG incorrectly handled certain OpenPGP messages. If a user or automated system were tricked into processing a specially-crafted message, GnuPG could consume resources, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2013-4351, CVE-2013-4402, CVE-2013-4351, CVE-2013-4402
SHA-256 | fe6b43115bf990088629c8dd208be6d6502447a5e0f1583e80cfafa294f4b8a3
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close