CVE-2003-0971 - Unspecified vulnerability in GNU Privacy Guard
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | NONE |
Availability impact | NONE |
Summary
GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 12 |
Nessus
NASL family | SuSE Local Security Checks |
NASL id | SUSE_SA_2003_048.NASL |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 13816 |
published | 2004-07-25 |
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/13816 |
title | SuSE-SA:2003:048: gpg |

description

The remote host is missing the patch for the advisory SuSE-SA:2003:048 (gpg).

The gnupg (the SUSE package is named gpg) package is the most widely used software for cryptographic encryption/decryption of data.

Two independent errors have been found in gpg (GnuPG) packages as shipped with SUSE products:

A) A format string error in the client code that does key retrieval from a (public) key server

B) A cryptographic error in gpg that results in a compromise of a cryptographic keypair if ElGamal signing keys have been used for generating the key.

A) There exists a format string error in the client code for key retrieval from a keyserver. gpg-1.2.x version packages are affected by this vulnerability. The format string error can be used by an attacker performing a man-in-the-middle-attack between you and your keyserver, or by a compromised keyserver. The result is a crash of gpg or a potential execution of arbitrary code provided by the attacker, if the keyserver is used for key retrieval at the time of the attack.

B) Werner Koch, the author of the gpg package, has publicly announced a weakness in gpg that has been reported to him by Phong Nguyen: ElGamal signing keys can be attacked within seconds to reveal the private key of the keypair. It is strongly advised that ElGamal signing keys should be revoked immediately.

Only ElGamal keys are affected, other types are not vulnerable. To find out if you are using an ElGamal signing key, list your public keys using the command

```
gpg --list-keys your_keyid
```

Example:

```
$ gpg --list-keys [email protected]
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <[email protected]>
sub 2048g/8495160C 2000-10-19 [expires: 2006-02-12]
$
```

If your key lists a capital

code

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# This plugin text was extracted from SuSE Security Advisory SuSE-SA:2003:048
#

if ( ! defined_func("bn_random") ) exit(0);

include("compat.inc");

# Registration block: the scanner reads the plugin metadata here and exits
# before any check runs.
if(description)
{
 script_id(13816);
 script_bugtraq_id(9115);
 script_version ("1.15");
 script_cve_id("CVE-2003-0971");

 name["english"] = "SuSE-SA:2003:048: gpg";
 script_name(english:name["english"]);

 script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a vendor-supplied security patch" );
 script_set_attribute(attribute:"description", value:
"The remote host is missing the patch for the advisory SuSE-SA:2003:048 (gpg).

The gnupg (the SUSE package is named gpg) package is the most widely used
software for cryptographic encryption/decryption of data.

Two independent errors have been found in gpg (GnuPG) packages as shipped
with SUSE products:

A) A format string error in the client code that does key retrieval
from a (public) key server
B) A cryptographic error in gpg that results in a compromise of a
cryptographic keypair if ElGamal signing keys have been used for
generating the key.

A) There exists a format string error in thhe client code for key retrieval
from a keyserver. gpg-1.2.x version packages are affected by this
vulnerability. The format string error can be used by an attacker performing
a man-in-the-middle-attack between you and your keyserver, or by a
compromised keyserver. The result is a crash of gpg or a potential execution
of arbitrary code provided by the attacker, if the keyserver is used for key
retrieval at the time of the attack.

B) Werner Koch, the author of the gpg package, has publicly announced a
weakness in gpg that has been reported to him by Phong Nguyen:
ElGamal signing keys can be attacked within seconds to reveal the private
key of the keypair. It is strongly advised that ElGamal signing keys should
be revoked immediately.

Only ElGamal keys are affected, other types are not vulnerable.
To find out if you are using an ElGamal signing key, list your public keys
using the command

gpg --list-keys your_keyid

Example:
$ gpg --list-keys [email protected]
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <[email protected]>
sub 2048g/8495160C 2000-10-19 [expires: 2006-02-12]
$

If your key lists a capital 'G' after the key's length (like in
pub 1536G/...), then your key is vulnerable. A small letter 'g' after the
key length does NOT indicate any problem.

ElGamal keys can be used for primary keys as well as for subkeys. In the
case where only a subkey is an ElGamal key, it is sufficient to revoke this
specific subkey.

To revoke a key, generate a revocation certificate using the following
command:
gpg --gen-revoke your_keyid > revocation_certificate.pgp
Then, the revokation certificate must be imported into your keyring:
gpg --import < revocation_certificate.pgp
As your last action, send the key with its revocation certificate to the
keyservers that know your key:
gpg --keyserver wwwkeys.eu.pgp.net --send-keys your_keyid

ElGamal keys can only be generated by gpg if a special option (--expert)
has been used to reveal 'expert' options, and if a warning has been ignored
after your choice to use ElGamal keys. Such keys are rare (Werner Koch
reports 848 primary ElGamal signing keys and 324 vulnerable subkeys on the
keyservers.). Therefore, we expect that only experienced users of gpg
may be vulnerable to the ElGamal signing key error." );
 script_set_attribute(attribute:"solution", value:
"http://www.suse.de/security/2003_048_gpg.html" );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/25");
 script_cvs_date("Date: 2019/10/25 13:36:27");
 script_end_attributes();

 summary["english"] = "Check for the version of the gpg package";
 script_summary(english:summary["english"]);

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
 family["english"] = "SuSE Local Security Checks";
 script_family(english:family["english"]);

 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/SuSE/rpm-list");
 exit(0);
}

include("rpm.inc");

# Compare the installed gpg RPM against the reference build for each
# SUSE release and raise a warning on a match.
if ( rpm_check( reference:"gpg-1.2.2-121", release:"SUSE9.0") )
{
 security_warning(0);
 exit(0);
}
if ( rpm_check( reference:"gpg-1.2.2rc1-98", release:"SUSE8.2") )
{
 security_warning(0);
 exit(0);
}

# No warning was raised: if a gpg package is present on a covered release,
# record a knowledge-base item for this CVE.
if (rpm_exists(rpm:"gpg-", release:"SUSE9.0")
 ||
 rpm_exists(rpm:"gpg-", release:"SUSE8.2") )
{
 set_kb_item(name:"CVE-2003-0971", value:TRUE);
}
```

NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_GNUPG_123_4.NASL |
description | The following package needs to be updated: gnupg |
last seen | 2016-09-26 |
modified | 2004-07-06 |
plugin id | 12547 |
published | 2004-07-06 |
reporter | Tenable |
source | https://www.tenable.com/plugins/index.php?view=single&id=12547 |
title | FreeBSD : ElGamal sign+encrypt keys created by GnuPG can be compromised (61) |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2003-395.NASL |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 12439 |
published | 2004-07-06 |
reporter | This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/12439 |
title | RHEL 2.1 / 3 : gnupg (RHSA-2003:395) |

description

Updated gnupg packages are now available for Red Hat Enterprise Linux. These updates disable the ability to generate ElGamal keys (used for both signing and encrypting) and disable the ability to use ElGamal public keys for encrypting data.

GnuPG is a utility for encrypting data and creating digital signatures.

Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal keys, when those keys are used both to sign and encrypt data. This vulnerability can be used to trivially recover the private key. While the default behavior of GnuPG when generating keys does not lead to the creation of unsafe keys, by overriding the default settings an unsafe key could have been created.

If you are using ElGamal keys, you should revoke those keys immediately.

The packages included in this update do not make ElGamal keys safe to use; they merely include a patch by David Shaw that disables functions that would generate or use ElGamal keys.

To determine if your key is affected, run the following command to obtain a list of secret keys that you have on your secret keyring:

```
gpg --list-secret-keys
```

The output of this command includes both the size and type of the keys found, and will look similar to this example:

```
/home/example/.gnupg/secring.gpg
----------------------------------------------------
sec 1024D/01234567 2000-10-17 Example User <[email protected]>
uid Example User <[email protected]>
```

The key length, type, and ID are listed together, separated by a forward slash. In the example output above, the key

NASL family | Mandriva Local Security Checks |
NASL id | MANDRAKE_MDKSA-2003-109.NASL |
description | A severe vulnerability was discovered in GnuPG by Phong Nguyen relating to ElGamal sign+encrypt keys. From Werner Koch |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14091 |
published | 2004-07-31 |
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/14091 |
title | Mandrake Linux Security Advisory : gnupg (MDKSA-2003:109) |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-429.NASL |
description | Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal keys for signing. This is a significant security failure which can lead to a compromise of almost all ElGamal keys used for signing. This update disables the use of this type of key. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 15266 |
published | 2004-09-29 |
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/15266 |
title | Debian DSA-429-1 : gnupg - cryptographic weakness |

NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_813136472D0311D893550020ED76EF5A.NASL |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 36752 |
published | 2009-04-23 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/36752 |
title | FreeBSD : ElGamal sign+encrypt keys created by GnuPG can be compromised (81313647-2d03-11d8-9355-0020ed76ef5a) |

description

Any ElGamal sign+encrypt keys created by GnuPG contain a cryptographic weakness that may allow someone to obtain the private key. These keys should be considered unusable and should be revoked.

The following summary was written by Werner Koch, GnuPG author:

Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal keys for signing. This is a significant security failure which can lead to a compromise of almost all ElGamal keys used for signing. Note that this is a real world vulnerability which will reveal your private key within a few seconds.

...

Please take immediate action and revoke your ElGamal signing keys. Furthermore you should take whatever measures necessary to limit the damage done for signed or encrypted documents using that key.

Note that the standard keys as generated by GnuPG (DSA and ElGamal encryption) as well as RSA keys are NOT vulnerable. Note also that ElGamal signing keys cannot be generated without the use of a special flag to enable hidden options and even then overriding a warning message about this key type. See below for details on how to identify vulnerable keys.

Oval
accepted | 2013-04-29T04:10:27.560-04:00 |
class | vulnerability |
contributors | |
definition_extensions | |
description | GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature. |
family | unix |
id | oval:org.mitre.oval:def:10982 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature. |
version | 26 |
Packetstorm
data source | https://packetstormsecurity.com/files/download/32282/_BSSADV-0000.txt |
id | PACKETSTORM:32282 |
last seen | 2016-12-05 |
published | 2003-12-01 |
reporter | The Bugtraq Team |
source | https://packetstormsecurity.com/files/32282/_BSSADV-0000.txt.html |
title | _BSSADV-0000.txt |
Redhat
advisories | |
rpms | |
References
- ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000798
- http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html
- http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000277.html
- http://marc.info/?l=bugtraq&m=106995769213221&w=2
- http://secunia.com/advisories/10304
- http://secunia.com/advisories/10349
- http://secunia.com/advisories/10399
- http://secunia.com/advisories/10400
- http://www.debian.org/security/2004/dsa-429
- http://www.kb.cert.org/vuls/id/940388
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:109
- http://www.novell.com/linux/security/advisories/2003_048_gpg.html
- http://www.redhat.com/support/errata/RHSA-2003-390.html
- http://www.redhat.com/support/errata/RHSA-2003-395.html
- http://www.securityfocus.com/bid/9115
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10982