Vulnerabilities > CVE-2003-0255 - Unspecified vulnerability in GNU Privacy Guard
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 11 |
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2003-176.NASL description Updated gnupg packages are now available which correct a bug in the GnuPG key validation functions. The GNU Privacy Guard (GnuPG) is a utility for encrypting data and creating digital signatures. When evaluating trust values for the UIDs assigned to a given key, GnuPG versions earlier than 1.2.2 would incorrectly associate the trust value of the UID having the highest trust value with every UID assigned to this key. This would prevent an expected warning message from being generated. All users are advised to upgrade to these errata packages which include an update to GnuPG 1.0.7 containing patches from the GnuPG development team to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 12396 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12396 title RHEL 2.1 : gnupg (RHSA-2003:176) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2003:176. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(12396); script_version ("1.28"); script_cvs_date("Date: 2019/10/25 13:36:10"); script_cve_id("CVE-2003-0255"); script_xref(name:"RHSA", value:"2003:176"); script_name(english:"RHEL 2.1 : gnupg (RHSA-2003:176)"); script_summary(english:"Checks the rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing a security update." ); script_set_attribute( attribute:"description", value: "Updated gnupg packages are now available which correct a bug in the GnuPG key validation functions. The GNU Privacy Guard (GnuPG) is a utility for encrypting data and creating digital signatures. When evaluating trust values for the UIDs assigned to a given key, GnuPG versions earlier than 1.2.2 would incorrectly associate the trust value of the UID having the highest trust value with every UID assigned to this key. This would prevent an expected warning message from being generated. All users are advised to upgrade to these errata packages which include an update to GnuPG 1.0.7 containing patches from the GnuPG development team to correct this issue." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2003-0255" ); # http://lists.gnupg.org/pipermail/gnupg-announce/2003q2/000268.html script_set_attribute( attribute:"see_also", value:"https://lists.gnupg.org/pipermail/gnupg-announce/2003q2/000268.html" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2003:176" ); script_set_attribute(attribute:"solution", value:"Update the affected gnupg package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gnupg"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2003/05/27"); script_set_attribute(attribute:"patch_publication_date", value:"2003/06/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2003:176"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"gnupg-1.0.7-7.2.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnupg"); } }NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2003-061.NASL description A bug was discovered in GnuPG versions 1.2.1 and earlier. When gpg evaluates trust values for different UIDs assigned to a key, it would incorrectly associate the trust value of the UID with the highest trust value with every other UID assigned to that key. This prevents a warning message from being given when attempting to encrypt to an invalid UID, but due to the bug, is accepted as valid. Patches have been applied for version 1.0.7 and all users are encouraged to upgrade. last seen 2020-06-01 modified 2020-06-02 plugin id 14044 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14044 title Mandrake Linux Security Advisory : gnupg (MDKSA-2003:061) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2003:061. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(14044); script_version ("1.19"); script_cvs_date("Date: 2019/08/02 13:32:46"); script_cve_id("CVE-2003-0255"); script_xref(name:"MDKSA", value:"2003:061"); script_name(english:"Mandrake Linux Security Advisory : gnupg (MDKSA-2003:061)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Mandrake Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "A bug was discovered in GnuPG versions 1.2.1 and earlier. When gpg evaluates trust values for different UIDs assigned to a key, it would incorrectly associate the trust value of the UID with the highest trust value with every other UID assigned to that key. This prevents a warning message from being given when attempting to encrypt to an invalid UID, but due to the bug, is accepted as valid. Patches have been applied for version 1.0.7 and all users are encouraged to upgrade." ); script_set_attribute( attribute:"see_also", value:"http://lists.gnupg.org/pipermail/gnupg-announce/2003q2/000268.html" ); script_set_attribute(attribute:"solution", value:"Update the affected gnupg package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gnupg"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1"); script_set_attribute(attribute:"patch_publication_date", value:"2003/05/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"gnupg-1.0.7-3.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"gnupg-1.0.7-3.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"gnupg-1.2.2-1.1mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
Oval
| accepted | 2007-04-25T19:52:15.914-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| description | The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path. | ||||||||||||
| family | unix | ||||||||||||
| id | oval:org.mitre.oval:def:135 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2003-08-19T12:00:00.000-04:00 | ||||||||||||
| title | GnuPG Invalid User ID Vulnerability | ||||||||||||
| version | 38 |
Redhat
| advisories |
|
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000694
- http://marc.info/?l=bugtraq&m=105215110111174&w=2
- http://marc.info/?l=bugtraq&m=105301357425157&w=2
- http://marc.info/?l=bugtraq&m=105311804129104&w=2
- http://marc.info/?l=bugtraq&m=105362224514081&w=2
- http://www.kb.cert.org/vuls/id/397604
- http://www.linuxsecurity.com/advisories/engarde_advisory-3258.html
- http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:061
- http://www.osvdb.org/4947
- http://www.redhat.com/support/errata/RHSA-2003-175.html
- http://www.redhat.com/support/errata/RHSA-2003-176.html
- http://www.securityfocus.com/bid/7497
- http://www.turbolinux.com/security/TLSA-2003-34.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11930
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A135