Vulnerabilities > CVE-2013-4576 - Credentials Management vulnerability in Gnupg

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE.

Vulnerable Configurations

Part Description Count
Application
Gnupg
100

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-0016.NASL
    descriptionAn updated gnupg package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. It was found that GnuPG was vulnerable to side-channel attacks via acoustic cryptanalysis. An attacker in close range to a target system that is decrypting ciphertexts could possibly use this flaw to recover the RSA secret key from that system. (CVE-2013-4576) Red Hat would like to thank Werner Koch of GnuPG upstream for reporting this issue. Upstream acknowledges Genkin, Shamir, and Tromer as the original reporters. All gnupg users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id71866
    published2014-01-09
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71866
    titleCentOS 5 : gnupg (CESA-2014:0016)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20140108_GNUPG_ON_SL5_X.NASL
    descriptionIt was found that GnuPG was vulnerable to side-channel attacks via acoustic cryptanalysis. An attacker in close range to a target system that is decrypting ciphertexts could possibly use this flaw to recover the RSA secret key from that system. (CVE-2013-4576)
    last seen2020-03-18
    modified2014-01-10
    plugin id71893
    published2014-01-10
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71893
    titleScientific Linux Security Update : gnupg on SL5.x i386/x86_64 (20140108)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2013-295.NASL
    descriptionA vulnerability has been discovered and corrected in gnupg : Genkin, Shamir and Tromer discovered that RSA key material could be extracted by using the sound generated by the computer during the decryption of some chosen ciphertexts (CVE-2013-4576). The updated packages have been patched to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id71554
    published2013-12-20
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/71554
    titleMandriva Linux Security Advisory : gnupg (MDVSA-2013:295)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_2E5715F867F711E39811B499BAAB0CBE.NASL
    descriptionWerner Koch reports : CVE-2013-4576 has been assigned to this security bug. The paper describes two attacks. The first attack allows to distinguish keys: An attacker is able to notice which key is currently used for decryption. This is in general not a problem but may be used to reveal the information that a message, encrypted to a commonly not used key, has been received by the targeted machine. We do not have a software solution to mitigate this attack. The second attack is more serious. It is an adaptive chosen ciphertext attack to reveal the private key. A possible scenario is that the attacker places a sensor (for example a standard smartphone) in the vicinity of the targeted machine. That machine is assumed to do unattended RSA decryption of received mails, for example by using a mail client which speeds up browsing by opportunistically decrypting mails expected to be read soon. While listening to the acoustic emanations of the targeted machine, the smartphone will send new encrypted messages to that machine and re-construct the private key bit by bit. A 4096 bit RSA key used on a laptop can be revealed within an hour.
    last seen2020-06-01
    modified2020-06-02
    plugin id71529
    published2013-12-19
    reporterThis script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71529
    titleFreeBSD : gnupg -- RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis attack (2e5715f8-67f7-11e3-9811-b499baab0cbe)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2821.NASL
    descriptionGenkin, Shamir and Tromer discovered that RSA key material could be extracted by using the sound generated by the computer during the decryption of some chosen ciphertexts.
    last seen2020-03-17
    modified2013-12-19
    plugin id71526
    published2013-12-19
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71526
    titleDebian DSA-2821-1 : gnupg - side channel attack
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-23615.NASL
    descriptionWhat
    last seen2020-03-17
    modified2013-12-30
    plugin id71766
    published2013-12-30
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/71766
    titleFedora 19 : gnupg-1.4.16-2.fc19 (2013-23615)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-23603.NASL
    descriptionWhat
    last seen2020-03-17
    modified2013-12-23
    plugin id71597
    published2013-12-23
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/71597
    titleFedora 20 : gnupg-1.4.16-2.fc20 (2013-23603)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1498.NASL
    descriptionAccording to the versions of the libgcrypt package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.(CVE-2014-5270) - libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.(CVE-2017-7526) - Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server
    last seen2020-04-30
    modified2020-04-16
    plugin id135660
    published2020-04-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135660
    titleEulerOS Virtualization 3.0.2.2 : libgcrypt (EulerOS-SA-2020-1498)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1750.NASL
    descriptionAccording to the versions of the libgcrypt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.(CVE-2014-5270) - libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.(CVE-2017-7526) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-07-22
    plugin id126877
    published2019-07-22
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126877
    titleEulerOS 2.0 SP2 : libgcrypt (EulerOS-SA-2019-1750)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2015-577.NASL
    descriptionFix a side-channel attack on data-dependent timing variations in modular exponentiation, which can potentially lead to an information leak. (CVE-2015-0837) Fix a side-channel attack which can potentially lead to an information leak. (CVE-2014-3591) Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576 , which was fixed in ALAS-2014-278. (CVE-2014-5270)
    last seen2020-06-01
    modified2020-06-02
    plugin id85232
    published2015-08-05
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85232
    titleAmazon Linux AMI : libgcrypt (ALAS-2015-577)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2006.NASL
    descriptionAccording to the versions of the libgcrypt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.(CVE-2014-5270) - libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.(CVE-2017-7526) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-09-24
    plugin id129199
    published2019-09-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129199
    titleEulerOS 2.0 SP3 : libgcrypt (EulerOS-SA-2019-2006)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1189.NASL
    descriptionAccording to the versions of the libgcrypt package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.(CVE-2014-5270) - libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.(CVE-2017-7526) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2020-03-13
    plugin id134478
    published2020-03-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134478
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : libgcrypt (EulerOS-SA-2020-1189)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2059-1.NASL
    descriptionDaniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was susceptible to an adaptive chosen ciphertext attack via acoustic emanations. A local attacker could use this attack to possibly recover private keys. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id71532
    published2013-12-19
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71532
    titleUbuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 / 13.10 : gnupg vulnerability (USN-2059-1)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2014-278.NASL
    descriptionGnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE.
    last seen2020-06-01
    modified2020-06-02
    plugin id72296
    published2014-02-05
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/72296
    titleAmazon Linux AMI : gnupg (ALAS-2014-278)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0016.NASL
    descriptionAn updated gnupg package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. It was found that GnuPG was vulnerable to side-channel attacks via acoustic cryptanalysis. An attacker in close range to a target system that is decrypting ciphertexts could possibly use this flaw to recover the RSA secret key from that system. (CVE-2013-4576) Red Hat would like to thank Werner Koch of GnuPG upstream for reporting this issue. Upstream acknowledges Genkin, Shamir, and Tromer as the original reporters. All gnupg users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id71878
    published2014-01-09
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71878
    titleRHEL 5 : gnupg (RHSA-2014:0016)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-0016.NASL
    descriptionFrom Red Hat Security Advisory 2014:0016 : An updated gnupg package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. It was found that GnuPG was vulnerable to side-channel attacks via acoustic cryptanalysis. An attacker in close range to a target system that is decrypting ciphertexts could possibly use this flaw to recover the RSA secret key from that system. (CVE-2013-4576) Red Hat would like to thank Werner Koch of GnuPG upstream for reporting this issue. Upstream acknowledges Genkin, Shamir, and Tromer as the original reporters. All gnupg users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id71876
    published2014-01-09
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71876
    titleOracle Linux 5 : gnupg (ELSA-2014-0016)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2013-354-01.NASL
    descriptionNew gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id71573
    published2013-12-23
    reporterThis script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/71573
    titleSlackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : gnupg (SSA:2013-354-01)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-23678.NASL
    descriptionWhat
    last seen2020-03-17
    modified2013-12-30
    plugin id71767
    published2013-12-30
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/71767
    titleFedora 18 : gnupg-1.4.16-2.fc18 (2013-23678)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2205.NASL
    descriptionAccording to the versions of the libgcrypt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.(CVE-2014-5270) - libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.(CVE-2017-7526) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-11-08
    plugin id130667
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130667
    titleEulerOS 2.0 SP5 : libgcrypt (EulerOS-SA-2019-2205)

Redhat

advisories
bugzilla
id1043327
titleCVE-2013-4576 gnupg: RSA secret key recovery via acoustic cryptanalysis
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • commentgnupg is earlier than 0:1.4.5-18.el5_10.1
      ovaloval:com.redhat.rhsa:tst:20140016001
    • commentgnupg is signed with Red Hat redhatrelease key
      ovaloval:com.redhat.rhsa:tst:20070107002
rhsa
idRHSA-2014:0016
released2014-01-08
severityModerate
titleRHSA-2014:0016: gnupg security update (Moderate)
rpms
  • gnupg-0:1.4.5-18.el5_10.1
  • gnupg-debuginfo-0:1.4.5-18.el5_10.1