CVE-2003-0971 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2003-0971
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2003-0971

Description: GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature.

CVE Status: Candidate

References: SUSE http://www.novell.com/linux/security/advisories/2003_048_gpg.html SGI SAID Secunia Advisory: SA10304 Secunia Advisory: SA10349 Secunia Advisory: SA10399 Secunia Advisory: SA10400 REDHAT http://www.redhat.com/support/errata/RHSA-2003-395.html http://www.redhat.com/support/errata/RHSA-2003-390.html MANDRAKE http://www.mandriva.com/security/advisories?name=MDKSA-2003:109 DEBIAN http://www.debian.org/security/2004/dsa-429 CONFIRM http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000277.html http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html CONECTIVA http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000798 CERT-VN 940388 BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=106995769213221&w=2 BID 9115

Return to the previous page.