cve-2013-4576
Vulnerability from cvelistv5
Published
2013-12-20 21:00
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:45:14.839Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "64424", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/64424", }, { name: "USN-2059-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2059-1", }, { name: "101170", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/101170", }, { name: "[gnupg-devel] 20131218 [Announce] [security fix] GnuPG 1.4.16 released", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html", }, { name: "RHSA-2014:0016", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0016.html", }, { name: "1029513", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1029513", }, { name: "gunpg-cve20134576-info-disclosure(89846)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/89846", }, { name: "DSA-2821", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2013/dsa-2821", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf", }, { name: "[oss-security] 20131218 Re: GnuPG 1.4.16 fixes RSA key extraction via acoustic side channel (CVE-2013-4576)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://seclists.org/oss-sec/2013/q4/523", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.cs.tau.ac.il/~tromer/acoustic/", }, { name: "[oss-security] 20131218 GnuPG 1.4.16 fixes RSA key extraction via acoustic side channel (CVE-2013-4576)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://seclists.org/oss-sec/2013/q4/520", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-12-18T00:00:00", descriptions: [ { lang: "en", value: "GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "64424", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/64424", }, { name: "USN-2059-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2059-1", }, { name: "101170", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/101170", }, { name: "[gnupg-devel] 20131218 [Announce] [security fix] GnuPG 1.4.16 released", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html", }, { name: "RHSA-2014:0016", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0016.html", }, { name: "1029513", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1029513", }, { name: "gunpg-cve20134576-info-disclosure(89846)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/89846", }, { name: "DSA-2821", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2013/dsa-2821", }, { tags: [ "x_refsource_MISC", ], url: "http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf", }, { name: "[oss-security] 20131218 Re: GnuPG 1.4.16 fixes RSA key extraction via acoustic side channel (CVE-2013-4576)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://seclists.org/oss-sec/2013/q4/523", }, { tags: [ "x_refsource_MISC", ], url: "http://www.cs.tau.ac.il/~tromer/acoustic/", }, { name: "[oss-security] 20131218 GnuPG 1.4.16 fixes RSA key extraction via acoustic side channel (CVE-2013-4576)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://seclists.org/oss-sec/2013/q4/520", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2013-4576", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "64424", refsource: "BID", url: "http://www.securityfocus.com/bid/64424", }, { name: "USN-2059-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2059-1", }, { name: "101170", refsource: "OSVDB", url: "http://osvdb.org/101170", }, { name: "[gnupg-devel] 20131218 [Announce] [security fix] GnuPG 1.4.16 released", refsource: "MLIST", url: "http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html", }, { name: "RHSA-2014:0016", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-0016.html", }, { name: "1029513", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1029513", }, { name: "gunpg-cve20134576-info-disclosure(89846)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/89846", }, { name: "DSA-2821", refsource: "DEBIAN", url: "http://www.debian.org/security/2013/dsa-2821", }, { name: "http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf", refsource: "MISC", url: "http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf", }, { name: "[oss-security] 20131218 Re: GnuPG 1.4.16 fixes RSA key extraction via acoustic side channel (CVE-2013-4576)", refsource: "MLIST", url: "http://seclists.org/oss-sec/2013/q4/523", }, { name: "http://www.cs.tau.ac.il/~tromer/acoustic/", refsource: "MISC", url: "http://www.cs.tau.ac.il/~tromer/acoustic/", }, { name: "[oss-security] 20131218 GnuPG 1.4.16 fixes RSA key extraction via acoustic side channel (CVE-2013-4576)", refsource: "MLIST", url: "http://seclists.org/oss-sec/2013/q4/520", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-4576", datePublished: "2013-12-20T21:00:00", dateReserved: "2013-06-12T00:00:00", dateUpdated: "2024-08-06T16:45:14.839Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.4.15\", \"matchCriteriaId\": \"3A287B57-D002-4A42-96F1-E1F701F9762C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B6863306-F7B8-47D9-8FF9-4340FC6D718F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA95D254-1D85-4523-9DF2-8A07BF05573E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E24FB9C-1CA9-4A1B-8AF6-06B3C1865EF0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D07D0653-4538-47D8-AB8F-0A23D65F0AE0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"95E18355-65AF-4DB4-B6B2-431D7788FF23\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.0.4:-:win32:*:*:*:*:*\", \"matchCriteriaId\": \"0E61804F-21BA-4850-B859-D69C80F37FFC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88C40692-FE9F-48D6-9AEB-5F35FA369980\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.0.5:-:win32:*:*:*:*:*\", \"matchCriteriaId\": \"585F51C8-2FDC-46CE-9F71-ED9EE2ADA472\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"18395DAB-24DA-4ABD-ABD8-38A49417B052\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6228E3FF-5EB4-4F46-9EA8-1B114947994D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"96DEF388-2B09-4212-8AF5-9FE54CCAFEC8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A798490-741B-4EB4-B1D9-353A181A7AA2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.2.1:windows:*:*:*:*:*:*\", \"matchCriteriaId\": \"F781A379-57DF-4D1E-8B85-4FD637E4B967\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8466E9BD-5623-40EE-A604-0F29C3520B63\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E98B61C-7093-4251-B1D8-59B647C2DF6B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F9FCAC0-08D1-4044-A506-4AC14BF381CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"545E4C50-229D-4B27-9DB2-9D1204451A9E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.2.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D50A16A8-9C96-47CB-B18B-AE79C754ABBC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.2.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"08877372-B7DD-4543-84A8-C40D2BA100F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7135BE6C-E797-4C41-BCD5-161DC7561433\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E909F1D4-AFB1-43F3-9635-E318D64099B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB4AAE4C-3F59-46D3-A38E-CC5DFCBEC3DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"688CDCA9-2809-4C0E-9DBC-133F48D56BEA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"564B521B-3C7C-46CF-94E8-A368AF81DA54\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC04BFA0-C7B0-4F70-9676-8156C9CE18AE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.3.90:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F43CE80-06BC-4448-9033-F2F88663C527\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.3.91:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7181202-BC32-4F1E-9EF8-F544CCDA1671\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.3.92:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F55827F8-CC36-45DA-8F9E-1F520911EB12\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.3.93:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CCEAA5DF-33D1-4D4A-BA01-4BC863DBC272\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"365FF476-1FFD-4E09-900C-50E0660766AB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"28374619-966D-4F38-B83E-A6296F27CC05\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"22A28CDF-F2AF-4D49-9FB1-AED34A758289\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6399A22D-90DF-4CB5-9367-0C5242BD1A2B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D63B0B4A-3998-4A4F-AD7A-BB8CEBE897B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.4.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FDA6934A-3D02-4749-A147-BE538C0AF27F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.4.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8B238CA5-3B4D-4D6A-92CA-39A7CD57AF40\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.4.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC6150E3-1D7C-44DA-BA57-35AB26F881B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.4.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3EB20A34-5E11-4D70-B3DE-66DD9863AE0D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.4.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA47467D-3D96-46DB-B0AC-D28586829710\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.4.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"68B68F2F-0718-4C87-9629-4657DC49EECC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.4.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"69D492F9-2064-488A-BD16-99DD865D2BF6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.4.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B4929286-63C2-45D0-B0C7-E14438D82883\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE.\"}, {\"lang\": \"es\", \"value\": \"GnuPG 1.x anteriores a 1.4.16 genera claves RSA utilizando secuencias de introducciones con ciertos patrones que introducen un ataque de canal lateral, lo cual permite a atacantes f\\u00edsicamente pr\\u00f3ximos extraer claves RSA a trav\\u00e9s de un ataque de texto cifrado elegido y criptoan\\u00e1lisis ac\\u00fastico durante el descifrado. NOTA: normalmente no se espera de las aplicaciones que se protejan ante ataques laterales ac\\u00fasticos, dado que esto es responsabilidad del dispositivo f\\u00edsico. De esta manera, problemas de este tipo no recibir\\u00e1n normalmente un identificador CVE. En cualquier caso, para este problema, el desarrollador a especificado una pol\\u00edtica de seguridad en la cual GnuPG deber\\u00eda ofrecer resistencia ante cnales laterales, y violaciones de pol\\u00edticas de seguridad espec\\u00edficas para los desarrolladores est\\u00e1n dentro del \\u00e1mbito de CVE.\"}]", id: "CVE-2013-4576", lastModified: "2024-11-21T01:55:51.773", metrics: "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}", published: "2013-12-20T21:55:06.930", references: "[{\"url\": \"http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://osvdb.org/101170\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2014-0016.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://seclists.org/oss-sec/2013/q4/520\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://seclists.org/oss-sec/2013/q4/523\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.cs.tau.ac.il/~tromer/acoustic/\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.debian.org/security/2013/dsa-2821\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/64424\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securitytracker.com/id/1029513\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2059-1\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/89846\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://osvdb.org/101170\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2014-0016.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://seclists.org/oss-sec/2013/q4/520\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://seclists.org/oss-sec/2013/q4/523\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.cs.tau.ac.il/~tromer/acoustic/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2013/dsa-2821\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/64424\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1029513\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2059-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/89846\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]", sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-255\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2013-4576\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2013-12-20T21:55:06.930\",\"lastModified\":\"2024-11-21T01:55:51.773\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE.\"},{\"lang\":\"es\",\"value\":\"GnuPG 1.x anteriores a 1.4.16 genera claves RSA utilizando secuencias de introducciones con ciertos patrones que introducen un ataque de canal lateral, lo cual permite a atacantes físicamente próximos extraer claves RSA a través de un ataque de texto cifrado elegido y criptoanálisis acústico durante el descifrado. NOTA: normalmente no se espera de las aplicaciones que se protejan ante ataques laterales acústicos, dado que esto es responsabilidad del dispositivo físico. De esta manera, problemas de este tipo no recibirán normalmente un identificador CVE. En cualquier caso, para este problema, el desarrollador a especificado una política de seguridad en la cual GnuPG debería ofrecer resistencia ante cnales laterales, y violaciones de políticas de seguridad específicas para los desarrolladores están dentro del ámbito de CVE.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-255\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.4.15\",\"matchCriteriaId\":\"3A287B57-D002-4A42-96F1-E1F701F9762C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6863306-F7B8-47D9-8FF9-4340FC6D718F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA95D254-1D85-4523-9DF2-8A07BF05573E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E24FB9C-1CA9-4A1B-8AF6-06B3C1865EF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D07D0653-4538-47D8-AB8F-0A23D65F0AE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95E18355-65AF-4DB4-B6B2-431D7788FF23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.0.4:-:win32:*:*:*:*:*\",\"matchCriteriaId\":\"0E61804F-21BA-4850-B859-D69C80F37FFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88C40692-FE9F-48D6-9AEB-5F35FA369980\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.0.5:-:win32:*:*:*:*:*\",\"matchCriteriaId\":\"585F51C8-2FDC-46CE-9F71-ED9EE2ADA472\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18395DAB-24DA-4ABD-ABD8-38A49417B052\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6228E3FF-5EB4-4F46-9EA8-1B114947994D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96DEF388-2B09-4212-8AF5-9FE54CCAFEC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A798490-741B-4EB4-B1D9-353A181A7AA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.2.1:windows:*:*:*:*:*:*\",\"matchCriteriaId\":\"F781A379-57DF-4D1E-8B85-4FD637E4B967\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8466E9BD-5623-40EE-A604-0F29C3520B63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E98B61C-7093-4251-B1D8-59B647C2DF6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F9FCAC0-08D1-4044-A506-4AC14BF381CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"545E4C50-229D-4B27-9DB2-9D1204451A9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D50A16A8-9C96-47CB-B18B-AE79C754ABBC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08877372-B7DD-4543-84A8-C40D2BA100F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7135BE6C-E797-4C41-BCD5-161DC7561433\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E909F1D4-AFB1-43F3-9635-E318D64099B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB4AAE4C-3F59-46D3-A38E-CC5DFCBEC3DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"688CDCA9-2809-4C0E-9DBC-133F48D56BEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"564B521B-3C7C-46CF-94E8-A368AF81DA54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC04BFA0-C7B0-4F70-9676-8156C9CE18AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.3.90:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F43CE80-06BC-4448-9033-F2F88663C527\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.3.91:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7181202-BC32-4F1E-9EF8-F544CCDA1671\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.3.92:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F55827F8-CC36-45DA-8F9E-1F520911EB12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.3.93:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCEAA5DF-33D1-4D4A-BA01-4BC863DBC272\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"365FF476-1FFD-4E09-900C-50E0660766AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28374619-966D-4F38-B83E-A6296F27CC05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22A28CDF-F2AF-4D49-9FB1-AED34A758289\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6399A22D-90DF-4CB5-9367-0C5242BD1A2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D63B0B4A-3998-4A4F-AD7A-BB8CEBE897B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDA6934A-3D02-4749-A147-BE538C0AF27F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B238CA5-3B4D-4D6A-92CA-39A7CD57AF40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC6150E3-1D7C-44DA-BA57-35AB26F881B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.4.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EB20A34-5E11-4D70-B3DE-66DD9863AE0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA47467D-3D96-46DB-B0AC-D28586829710\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.4.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68B68F2F-0718-4C87-9629-4657DC49EECC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.4.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69D492F9-2064-488A-BD16-99DD865D2BF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.4.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4929286-63C2-45D0-B0C7-E14438D82883\"}]}]}],\"references\":[{\"url\":\"http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://osvdb.org/101170\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0016.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://seclists.org/oss-sec/2013/q4/520\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://seclists.org/oss-sec/2013/q4/523\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.cs.tau.ac.il/~tromer/acoustic/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2013/dsa-2821\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/64424\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id/1029513\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2059-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/89846\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://osvdb.org/101170\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/oss-sec/2013/q4/520\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/oss-sec/2013/q4/523\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cs.tau.ac.il/~tromer/acoustic/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2013/dsa-2821\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/64424\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1029513\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2059-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/89846\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.