Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> SuSE Local Security Checks >> SuSE-SA:2003:048: gpg


Vulnerability Assessment Details

SuSE-SA:2003:048: gpg

Vulnerability Assessment Summary
Check for the version of the gpg package

Detailed Explanation for this Vulnerability Assessment

The remote host is missing the patch for the advisory SuSE-SA:2003:048 (gpg).


The gnupg (the SUSE package is named gpg) package is the most widely
used software for cryptographic encryption/decryption of data.

Two independent errors have been found in gpg (GnuPG) packages as shipped
with SUSE products:

A) A format string error in the client code that does key retrieval
from a (public) key server
B) A cryptographic error in gpg that results in a compromise of a
cryptographic keypair if ElGamal signing keys have been used for
generating the key.


A)
There exists a format string error in thhe client code for key retrieval
from a keyserver. gpg-1.2.x version packages are affected by this
vulnerability.
The format string error can be used by a possible hacker performing a
man-in-the-middle-attack between you and your keyserver, or by a
compromised keyserver. The result is a crash of gpg or a potential
execution of arbitrary code provided by the attacker, if the keyserver
is used for key retrieval at the time of the attack.

B)
Werner Koch, the author of the gpg package, has publicly announced a
weakness in gpg that has been reported to him by Phong Nguyen:
ElGamal signing keys can be attacked within seconds to reveal the
private key of the keypair. It is strongly advised that ElGamal signing
keys should be revoked immediately. Only ElGamal keys are affected, other
types are not vulnerable.

To find out if you are using an ElGamal signing key, list your public
keys using the command

gpg --list-keys your_keyid

Example:
$ gpg --list-keys build@suse.de
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key
sub 2048g/8495160C 2000-10-19 [expires: 2006-02-12]
$

If your key lists a capital 'G' after the key's length (like in
pub 1536G/...), then your key is vulnerable. A small letter 'g' after
the key length does NOT indicate any problem.
ElGamal keys can be used for primary keys as well as for subkeys. In the
case where only a subkey is an ElGamal key, it is sufficient to revoke
this specific subkey.

To revoke a key, generate a revocation certificate using the following
command:

gpg --gen-revoke your_keyid > revocation_certificate.pgp

Then, the revokation certificate must be imported into your keyring:

gpg --import < revocation_certificate.pgp

As your last action, send the key with its revocation certificate
to the keyservers that know your key:

gpg --keyserver wwwkeys.eu.pgp.net --send-keys your_keyid


ElGamal keys can only be generated by gpg if a special option (--expert)
has been used to reveal 'expert' options, and if a warning has been
ignored after your choice to use ElGamal keys. Such keys are rare
(Werner Koch reports 848 primary ElGamal signing keys and 324 vulnerable
subkeys on the keyservers.). Therefore, we expect that only experienced
users of gpg may be vulnerable to the ElGamal signing key error.




Solution : http://www.suse.de/security/2003_048_gpg.html
Network Security Threat Level: Medium

Networks Security ID: 9115

Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security

Cables, Connectors


Gigastone DDR3 16GB (8GBx2) 1600MHz PC3-12800 CL11 1.5V UDIMM 240 Pin Ram picture

Gigastone DDR3 16GB (8GBx2) 1600MHz PC3-12800 CL11 1.5V UDIMM 240 Pin Ram

$36.99



Apple Macbook Pro 13

Apple Macbook Pro 13" Laptop | 8GB RAM +256GB SSD | OS High Sierra | WARRANTY

$199.99



A-Tech 16GB 2 x 8GB PC3-12800 Laptop SODIMM DDR3 1600 Memory RAM PC3L 16G DDR3L picture

A-Tech 16GB 2 x 8GB PC3-12800 Laptop SODIMM DDR3 1600 Memory RAM PC3L 16G DDR3L

$36.99



A-Tech 8GB DDR3 1600 PC3-12800 Laptop SODIMM 204-Pin Memory RAM PC3L DDR3L 1x 8G picture

A-Tech 8GB DDR3 1600 PC3-12800 Laptop SODIMM 204-Pin Memory RAM PC3L DDR3L 1x 8G

$18.99



Team T-Force Delta RGB 16GB (2 x 8GB) 288-Pin PC RAM DDR4 3200 (PC4 25600) Intel picture

Team T-Force Delta RGB 16GB (2 x 8GB) 288-Pin PC RAM DDR4 3200 (PC4 25600) Intel

$54.99



Crucial 16GB(2 x 8GB) 1600MHz DDR3L SODIMM RAM PC3L-12800 2Rx8 Laptop Memory picture

Crucial 16GB(2 x 8GB) 1600MHz DDR3L SODIMM RAM PC3L-12800 2Rx8 Laptop Memory

$32.29



Samsung 16GB 2Rx4 PC4-2133 RDIMM DDR4-17000 ECC REG Registered Server Memory RAM picture

Samsung 16GB 2Rx4 PC4-2133 RDIMM DDR4-17000 ECC REG Registered Server Memory RAM

$19.99



16GB KIT 2x 8GB DDR4 3200MHz PC4-25600 288 pin DESKTOP Memory Non ECC 3200 RAM picture

16GB KIT 2x 8GB DDR4 3200MHz PC4-25600 288 pin DESKTOP Memory Non ECC 3200 RAM

$35.99



Gigastone DDR4 32GB (16GBx2) 2666MHz PC4-21300 CL19 1.2V UDIMM 288 Pin Ram picture

Gigastone DDR4 32GB (16GBx2) 2666MHz PC4-21300 CL19 1.2V UDIMM 288 Pin Ram

$69.99



HP Chromebook 11 G4 11.6

HP Chromebook 11 G4 11.6" Intel 2.16 GHz 4GB RAM 16GB eMMC Bluetooth HDMI Webcam

$79.99



Discussions

No Discussions have been posted on this vulnerability.