Nexpose Vulnerability Database
SuSE: gpg 1.2.5-3.2
Severity |
CVSS |
Published |
Added |
Modified |
|---|---|---|---|---|
| Severe (5) | 7.1 (AV:N/AC:M/Au:N/C:C/I:N/A:N) | Mar 3, 2005 | Nov 8, 2005 | Sep 16, 2010 |
Description:
The OpenPGP protocol was vulnerable to a timing-attack to gain plaintext from ciphertext. The timing difference appears as side effect of the so called quick scan and is only exploitable on systems that accept an arbitrary amount of ciphertext for automatic decryption.
References:
- SUSE: http://www.novell.com/linux/security/advisories.html
- URL: http://www.novell.com/linux/download/updates/92_x86_64.html
Solution:
Upgrade gpg
Download and apply the upgrade from: ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/gpg-1.2.5-3.10.x86_64.patch.rpm
Information on these pages is summary information extracted from the Nexpose Vulnerabilty Assessment system. Full details are provided within the Nexpose product for licensed users.
