FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2003-0971

This CVE name corresponds to:

Entered Topic
2003-12-12 ElGamal sign+encrypt keys created by GnuPG can be compromised

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2003-0971 at cve.mitre.org

Details

Type Candidate
Name CVE-2003-0971
Phase Assigned(20031201)

Description

GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature.

References

Source Reference
BUGTRAQ 20031127 GnuPG's ElGamal signing keys compromised
CONFIRM http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html
CONFIRM http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000277.html
MANDRAKE MDKSA-2003:109
CONECTIVA CLA-2003:798
SGI 20040202-01-U
SUSE SuSE-SA:2003:048
REDHAT RHSA-2003:390
REDHAT RHSA-2003:395
DEBIAN DSA-429
CERT-VN VU#940388
BID 9115
OVAL oval:org.mitre.oval:def:10982
SECUNIA 10304
SECUNIA 10349
SECUNIA 10399
SECUNIA 10400

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.