blob: ab8cd2c33a84dfb8137a11da8ca6643bb3e92982 (
plain) (
tree)
|
|
<vuln vid="81313647-2d03-11d8-9355-0020ed76ef5a">
<topic>ElGamal sign+encrypt keys created by GnuPG can be compromised</topic>
<affects>
<package>
<name>gnupg</name>
<range><ge>1.0.2</ge><lt>1.2.3_4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Any ElGamal sign+encrypt keys created by GnuPG contain a
cryptographic weakness that may allow someone to obtain
the private key. <strong>These keys should be considered
unusable and should be revoked.</strong></p>
<p>The following summary was written by Werner Koch, GnuPG
author:</p>
<blockquote cite="http://lists.gnupg.org/pipermail/gnupg-devel/2003-November/020570.html">
<p>Phong Nguyen identified a severe bug in the way GnuPG
creates and uses ElGamal keys for signing. This is
a significant security failure which can lead to a
compromise of almost all ElGamal keys used for signing.
Note that this is a real world vulnerability which will
reveal your private key within a few seconds.</p>
<p>...</p>
<p>Please <em>take immediate action and revoke your ElGamal
signing keys</em>. Furthermore you should take whatever
measures necessary to limit the damage done for signed or
encrypted documents using that key.</p>
<p>Note that the standard keys as generated by GnuPG (DSA
and ElGamal encryption) as well as RSA keys are NOT
vulnerable. Note also that ElGamal signing keys cannot
be generated without the use of a special flag to enable
hidden options and even then overriding a warning message
about this key type. See below for details on how to
identify vulnerable keys.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2003-0971</cvename>
<mlist>http://lists.gnupg.org/pipermail/gnupg-devel/2003-November/020570.html</mlist>
</references>
<dates>
<discovery>2003-11-27</discovery>
<entry>2003-12-12</entry>
</dates>
</vuln>
<vuln vid="f04cc5cb-2d0b-11d8-beaf-000a95c4d922">
<topic>bind8 negative cache poison attack</topic>
<affects>
<package>
<name>bind</name>
<range><ge>8.3</ge><lt>8.3.7</lt></range>
<range><ge>8.4</ge><lt>8.4.3</lt></range>
</package>
<package>
<name>FreeBSD</name>
<range><ge>5.1</ge><lt>5.1_11</lt></range>
<range><ge>5.0</ge><lt>5.0_19</lt></range>
<range><ge>4.9</ge><lt>4.9_1</lt></range>
<range><ge>4.8</ge><lt>4.8_14</lt></range>
<range><ge>4.7</ge><lt>4.7_24</lt></range>
<range><ge>4.6</ge><lt>4.6.2_27</lt></range>
<range><ge>4.5</ge><lt>4.5_37</lt></range>
<range><lt>4.4_47</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>A programming error in BIND 8 named can result in a DNS
message being incorrectly cached as a negative response. As
a result, an attacker may arrange for malicious DNS messages
to be delivered to a target name server, and cause that name
server to cache a negative response for some target domain
name. The name server would thereafter respond negatively
to legitimate queries for that domain name, resulting in a
denial-of-service for applications that require DNS.</p>
</body>
</description>
<references>
<cvename>CVE-2003-0914</cvename>
<freebsdsa>SA-03:19.bind</freebsdsa>
<certvu>734644</certvu>
</references>
<dates>
<discovery>2003-11-28</discovery>
<entry>2003-12-12</entry>
<modified>2004-05-05</modified>
</dates>
</vuln>
<vuln vid="96fdbf5b-2cfd-11d8-9355-0020ed76ef5a">
<topic>Mathopd buffer overflow</topic>
<affects>
<package>
<name>mathopd</name>
<range><lt>1.4p2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Mathopd contains a buffer overflow in the prepare_reply()
function that may be remotely exploitable.</p>
</body>
</description>
<references>
<url>http://www.mail-archive.com/mathopd%40mathopd.org/msg00136.html</url>
</references>
<dates>
<discovery>2003-12-04</discovery>
<entry>2003-12-12</entry>
</dates>
</vuln>
<vuln vid="d7af61c8-2cc0-11d8-9355-0020ed76ef5a">
<topic>lftp HTML parsing vulnerability</topic>
<affects>
<package>
<name>lftp</name>
<range><le>2.6.10</le></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>A buffer overflow exists in lftp which may be triggered when
requesting a directory listing from a malicious server over
HTTP.</p>
</body>
</description>
<references>
<cvename>CVE-2003-0963</cvename>
<url>http://lftp.yar.ru/news.html#2.6.10</url>
</references>
<dates>
<discovery>2003-12-11</discovery>
<entry>2003-12-12</entry>
</dates>
</vuln>
<vuln vid="ebdf65c7-2ca6-11d8-9355-0020ed76ef5a">
<topic>qpopper format string vulnerability</topic>
<affects>
<package>
<name>qpopper</name>
<range><lt>2.53_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>An authenticated user may trigger a format string
vulnerability present in qpopper's UIDL code, resulting
in arbitrary code execution with group ID `mail'
privileges.</p>
</body>
</description>
<references>
<bid>1241</bid>
<cvename>CVE-2000-0442</cvename>
<url>http://www.netsys.com/suse-linux-security/2000-May/att-0137/01-b0f5-Qpopper.txt</url>
</references>
<dates>
<discovery>2000-05-23</discovery>
<entry>2003-12-12</entry>
</dates>
</vuln>
<vuln vid="af0296be-2455-11d8-82e5-0020ed76ef5a">
<topic>fetchmail -- address parsing vulnerability</topic>
<affects>
<package>
<name>fetchmail</name>
<range><le>6.2.0</le></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Fetchmail can be crashed by a malicious email message.</p>
</body>
</description>
<references>
<url>http://security.e-matters.de/advisories/052002.html</url>
</references>
<dates>
<discovery>2003-10-25</discovery>
<entry>2003-10-25</entry>
<modified>2012-09-04</modified>
</dates>
</vuln>
<vuln vid="2bcd2d24-24ca-11d8-82e5-0020ed76ef5a">
<topic>Buffer overflow in pam_smb password handling</topic>
<affects>
<package>
<name>pam_smb</name>
<range><lt>1.9.9_3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Applications utilizing pam_smb can be compromised by
any user who can enter a password. In many cases,
this is a remote root compromise.</p>
</body>
</description>
<references>
<url>http://www.skynet.ie/~airlied/pam_smb/</url>
<cvename>CVE-2003-0686</cvename>
</references>
<dates>
<discovery>2003-10-25</discovery>
<entry>2003-10-25</entry>
<modified>2003-10-25</modified>
</dates>
</vuln>
<vuln vid="c4b7badf-24ca-11d8-82e5-0020ed76ef5a">
<topic>Buffer overflows in libmcrypt</topic>
<affects>
<package>
<name>libmcrypt</name>
<range><lt>2.5.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>libmcrypt does incomplete input validation, leading to
several buffer overflows. Additionally,
a memory leak is present. Both of these problems may be
exploited in a denial-of-service attack.</p>
</body>
</description>
<references>
<mlist>http://marc.theaimsgroup.com/?l=bugtraq&m=104162752401212&w=2</mlist>
<cvename>CVE-2003-0031</cvename>
<cvename>CVE-2003-0032</cvename>
</references>
<dates>
<discovery>2003-10-25</discovery>
<entry>2003-10-25</entry>
<modified>2003-10-25</modified>
</dates>
</vuln>
<vuln vid="6fd9a1e9-efd3-11d8-9837-000c41e2cdad">
<cancelled/>
</vuln>
<vuln vid="3362f2c1-8344-11d8-a41f-0020ed76ef5a">
<cancelled/>
</vuln>
|
