Attack vector | LOCAL |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | NONE |
Availability impact | NONE |
Published: 2013-12-20
Updated: 2017-08-29
Summary
GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE.
Vulnerable Configurations
Part | Description | Count |
Application | Gnupg | 99 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2014-0016.NASL |
description | An updated gnupg package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. It was found that GnuPG was vulnerable to side-channel attacks via acoustic cryptanalysis. An attacker in close range to a target system that is decrypting ciphertexts could possibly use this flaw to recover the RSA secret key from that system. (CVE-2013-4576) Red Hat would like to thank Werner Koch of GnuPG upstream for reporting this issue. Upstream acknowledges Genkin, Shamir, and Tromer as the original reporters. All gnupg users are advised to upgrade to this updated package, which contains a backported patch to correct this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 71866 |
published | 2014-01-09 |
reporter | This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/71866 |
title | CentOS 5 : gnupg (CESA-2014:0016) |
NASL family | Scientific Linux Local Security Checks |
NASL id | SL_20140108_GNUPG_ON_SL5_X.NASL |
description | It was found that GnuPG was vulnerable to side-channel attacks via acoustic cryptanalysis. An attacker in close range to a target system that is decrypting ciphertexts could possibly use this flaw to recover the RSA secret key from that system. (CVE-2013-4576) |
last seen | 2020-03-18 |
modified | 2014-01-10 |
plugin id | 71893 |
published | 2014-01-10 |
reporter | This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/71893 |
title | Scientific Linux Security Update : gnupg on SL5.x i386/x86_64 (20140108) |
NASL family | Mandriva Local Security Checks |
NASL id | MANDRIVA_MDVSA-2013-295.NASL |
description | A vulnerability has been discovered and corrected in gnupg : Genkin, Shamir and Tromer discovered that RSA key material could be extracted by using the sound generated by the computer during the decryption of some chosen ciphertexts (CVE-2013-4576). The updated packages have been patched to correct this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 71554 |
published | 2013-12-20 |
reporter | This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/71554 |
title | Mandriva Linux Security Advisory : gnupg (MDVSA-2013:295) |
NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_2E5715F867F711E39811B499BAAB0CBE.NASL |
description | Werner Koch reports : CVE-2013-4576 has been assigned to this security bug. The paper describes two attacks. The first attack allows to distinguish keys: An attacker is able to notice which key is currently used for decryption. This is in general not a problem but may be used to reveal the information that a message, encrypted to a commonly not used key, has been received by the targeted machine. We do not have a software solution to mitigate this attack. The second attack is more serious. It is an adaptive chosen ciphertext attack to reveal the private key. A possible scenario is that the attacker places a sensor (for example a standard smartphone) in the vicinity of the targeted machine. That machine is assumed to do unattended RSA decryption of received mails, for example by using a mail client which speeds up browsing by opportunistically decrypting mails expected to be read soon. While listening to the acoustic emanations of the targeted machine, the smartphone will send new encrypted messages to that machine and re-construct the private key bit by bit. A 4096 bit RSA key used on a laptop can be revealed within an hour. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 71529 |
published | 2013-12-19 |
reporter | This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/71529 |
title | FreeBSD : gnupg -- RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis attack (2e5715f8-67f7-11e3-9811-b499baab0cbe) |
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-2821.NASL |
description | Genkin, Shamir and Tromer discovered that RSA key material could be extracted by using the sound generated by the computer during the decryption of some chosen ciphertexts. |
last seen | 2020-03-17 |
modified | 2013-12-19 |
plugin id | 71526 |
published | 2013-12-19 |
reporter | This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/71526 |
title | Debian DSA-2821-1 : gnupg - side channel attack |
NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2013-23615.NASL |
description | What |
last seen | 2020-03-17 |
modified | 2013-12-30 |
plugin id | 71766 |
published | 2013-12-30 |
reporter | This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/71766 |
title | Fedora 19 : gnupg-1.4.16-2.fc19 (2013-23615) |
NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2013-23603.NASL |
description | What |
last seen | 2020-03-17 |
modified | 2013-12-23 |
plugin id | 71597 |
published | 2013-12-23 |
reporter | This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/71597 |
title | Fedora 20 : gnupg-1.4.16-2.fc20 (2013-23603) |
NASL family | Huawei Local Security Checks |
NASL id | EULEROS_SA-2020-1498.NASL |
description | According to the versions of the libgcrypt package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.(CVE-2014-5270) - libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.(CVE-2017-7526) - Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server |
last seen | 2020-04-30 |
modified | 2020-04-16 |
plugin id | 135660 |
published | 2020-04-16 |
reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/135660 |
title | EulerOS Virtualization 3.0.2.2 : libgcrypt (EulerOS-SA-2020-1498) |
NASL family | Huawei Local Security Checks |
NASL id | EULEROS_SA-2019-1750.NASL |
description | According to the versions of the libgcrypt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.(CVE-2014-5270) - libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.(CVE-2017-7526) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-05-06 |
modified | 2019-07-22 |
plugin id | 126877 |
published | 2019-07-22 |
reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/126877 |
title | EulerOS 2.0 SP2 : libgcrypt (EulerOS-SA-2019-1750) |
NASL family | Amazon Linux Local Security Checks |
NASL id | ALA_ALAS-2015-577.NASL |
description | Fix a side-channel attack on data-dependent timing variations in modular exponentiation, which can potentially lead to an information leak. (CVE-2015-0837) Fix a side-channel attack which can potentially lead to an information leak. (CVE-2014-3591) Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576, which was fixed in ALAS-2014-278. (CVE-2014-5270) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 85232 |
published | 2015-08-05 |
reporter | This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/85232 |
title | Amazon Linux AMI : libgcrypt (ALAS-2015-577) |
NASL family | Huawei Local Security Checks |
NASL id | EULEROS_SA-2019-2006.NASL |
description | According to the versions of the libgcrypt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.(CVE-2014-5270) - libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.(CVE-2017-7526) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-05-08 |
modified | 2019-09-24 |
plugin id | 129199 |
published | 2019-09-24 |
reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/129199 |
title | EulerOS 2.0 SP3 : libgcrypt (EulerOS-SA-2019-2006) |
NASL family | Huawei Local Security Checks |
NASL id | EULEROS_SA-2020-1189.NASL |
description | According to the versions of the libgcrypt package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.(CVE-2014-5270) - libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.(CVE-2017-7526) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-03-19 |
modified | 2020-03-13 |
plugin id | 134478 |
published | 2020-03-13 |
reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/134478 |
title | EulerOS Virtualization for ARM 64 3.0.2.0 : libgcrypt (EulerOS-SA-2020-1189) |
NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-2059-1.NASL |
description | Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was susceptible to an adaptive chosen ciphertext attack via acoustic emanations. A local attacker could use this attack to possibly recover private keys. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 71532 |
published | 2013-12-19 |
reporter | Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/71532 |
title | Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 / 13.10 : gnupg vulnerability (USN-2059-1) |
NASL family | Amazon Linux Local Security Checks |
NASL id | ALA_ALAS-2014-278.NASL |
description | GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 72296 |
published | 2014-02-05 |
reporter | This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/72296 |
title | Amazon Linux AMI : gnupg (ALAS-2014-278) |
NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2014-0016.NASL |
description | An updated gnupg package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. It was found that GnuPG was vulnerable to side-channel attacks via acoustic cryptanalysis. An attacker in close range to a target system that is decrypting ciphertexts could possibly use this flaw to recover the RSA secret key from that system. (CVE-2013-4576) Red Hat would like to thank Werner Koch of GnuPG upstream for reporting this issue. Upstream acknowledges Genkin, Shamir, and Tromer as the original reporters. All gnupg users are advised to upgrade to this updated package, which contains a backported patch to correct this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 71878 |
published | 2014-01-09 |
reporter | This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/71878 |
title | RHEL 5 : gnupg (RHSA-2014:0016) |
NASL family | Oracle Linux Local Security Checks |
NASL id | ORACLELINUX_ELSA-2014-0016.NASL |
description | From Red Hat Security Advisory 2014:0016 : An updated gnupg package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. It was found that GnuPG was vulnerable to side-channel attacks via acoustic cryptanalysis. An attacker in close range to a target system that is decrypting ciphertexts could possibly use this flaw to recover the RSA secret key from that system. (CVE-2013-4576) Red Hat would like to thank Werner Koch of GnuPG upstream for reporting this issue. Upstream acknowledges Genkin, Shamir, and Tromer as the original reporters. All gnupg users are advised to upgrade to this updated package, which contains a backported patch to correct this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 71876 |
published | 2014-01-09 |
reporter | This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/71876 |
title | Oracle Linux 5 : gnupg (ELSA-2014-0016) |
NASL family | Slackware Local Security Checks |
NASL id | SLACKWARE_SSA_2013-354-01.NASL |
description | New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 71573 |
published | 2013-12-23 |
reporter | This script is Copyright (C) 2013-2014 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/71573 |
title | Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : gnupg (SSA:2013-354-01) |
NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2013-23678.NASL |
description | What |
last seen | 2020-03-17 |
modified | 2013-12-30 |
plugin id | 71767 |
published | 2013-12-30 |
reporter | This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/71767 |
title | Fedora 18 : gnupg-1.4.16-2.fc18 (2013-23678) |
NASL family | Huawei Local Security Checks |
NASL id | EULEROS_SA-2019-2205.NASL |
description | According to the versions of the libgcrypt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.(CVE-2014-5270) - libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.(CVE-2017-7526) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-05-08 |
modified | 2019-11-08 |
plugin id | 130667 |
published | 2019-11-08 |
reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/130667 |
title | EulerOS 2.0 SP5 : libgcrypt (EulerOS-SA-2019-2205) |
Redhat
advisories |
bugzilla | id | 1043327 |
bugzilla | title | CVE-2013-4576 gnupg: RSA secret key recovery via acoustic cryptanalysis |
oval | operator | comment | oval id |
oval | OR | Red Hat Enterprise Linux must be installed | oval:com.redhat.rhba:tst:20070304026 |
oval | AND | Red Hat Enterprise Linux 5 is installed | oval:com.redhat.rhba:tst:20070331005 |
oval | | gnupg is earlier than 0:1.4.5-18.el5_10.1 | oval:com.redhat.rhsa:tst:20140016001 |
oval | | gnupg is signed with Red Hat redhatrelease key | oval:com.redhat.rhsa:tst:20070107002 |
rhsa | id | RHSA-2014:0016 |
rhsa | released | 2014-01-08 |
rhsa | severity | Moderate |
rhsa | title | RHSA-2014:0016: gnupg security update (Moderate) |
rpms | gnupg-0:1.4.5-18.el5_10.1 |
rpms | gnupg-debuginfo-0:1.4.5-18.el5_10.1 |