exploit the possibilities
Showing 1 - 9 of 9 RSS Feed

CVE-2014-5270

Status Candidate

Overview

Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.

Related Files

Ubuntu Security Notice USN-2554-1
Posted Apr 1, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2554-1 - Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered that GnuPG was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2014-3591, CVE-2014-5270, CVE-2015-0837, CVE-2015-1606, CVE-2015-1607
MD5 | 076618d0af514422a50aeaf16bd6d41e
Mandriva Linux Security Advisory 2015-154
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-154 - Updated gnupg, gnupg2 and libgcrypt packages fix security GnuPG versions before 1.4.17 and 2.0.24 are vulnerable to a denial of service which can be caused by garbled compressed data packets which may put gpg into an infinite loop. The libgcrypt library before version 1.5.4 is vulnerable to an ELGAMAL side-channel attack. GnuPG before 1.4.19 is vulnerable to a side-channel attack which can potentially lead to an information leak. GnuPG before 1.4.19 is vulnerable to a side-channel attack on data-dependent timing variations in modular exponentiation, which can potentially lead to an information leak. The gnupg and gnupg2 package has been patched to correct these issues. GnuPG2 is vulnerable to these issues through the libgcrypt library. The issues were fixed in libgcrypt 1.6.3. The libgcrypt package in Mandriva, at version 1.5.4, was only vulnerable to the CVE-2014-3591 issue. It has also been patched to correct this issue.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2014-3591, CVE-2014-4617, CVE-2014-5270, CVE-2015-0837
MD5 | a9fde0a382a9277ba5a3eb8be545725b
Debian Security Advisory 3073-1
Posted Nov 17, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3073-1 - Daniel Genkin, Itamar Pipman and Eran Tromer discovered that Elgamal encryption subkeys in applications using the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side-channel attack.

tags | advisory
systems | linux, debian
advisories | CVE-2014-5270
MD5 | 1de78b856e4fab57eea71393e490cf93
Mandriva Linux Security Advisory 2014-180
Posted Sep 22, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-180 - The gnupg program before version 1.4.16 is vulnerable to an ELGAMAL side-channel attack.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-5270
MD5 | fd607a6534c92e1edca9f2aa0b534581
Debian Security Advisory 3024-1
Posted Sep 12, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3024-1 - Genkin, Pipman and Tromer discovered a side-channel attack on Elgamal encryption subkeys.

tags | advisory
systems | linux, debian
advisories | CVE-2014-5270
MD5 | a6348280990a326c7f48b6f413f68a4d
Mandriva Linux Security Advisory 2014-176
Posted Sep 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-176 - The libgcrypt library before version 1.5.4 is vulnerable to an ELGAMAL side-channel attack.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-5270
MD5 | 4657405c319444b46b77ea0b3b2f2d07
Ubuntu Security Notice USN-2339-2
Posted Sep 3, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2339-2 - Daniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcrypt was susceptible to an adaptive chosen ciphertext attack via physical side channels. A local attacker could use this attack to possibly recover private keys.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2014-5270
MD5 | 4710cf1e69b599211ae202ccb51ea568
Ubuntu Security Notice USN-2339-1
Posted Sep 3, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2339-1 - Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was susceptible to an adaptive chosen ciphertext attack via physical side channels. A local attacker could use this attack to possibly recover private keys.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2014-5270
MD5 | 7bc20392fda02ee584727cdf4a0e769e
Gentoo Linux Security Advisory 201408-10
Posted Aug 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-10 - A vulnerability in Libgcrypt could allow a remote attacker to extract ElGamal private key information. Versions less than 1.5.4 are affected.

tags | advisory, remote
systems | linux, gentoo
advisories | CVE-2014-5270
MD5 | 0690da9d71007e8aefe9f21221cca72f
Page 1 of 1
Back1Next

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    29 Files
  • 21
    Jan 21st
    12 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    17 Files
  • 25
    Jan 25th
    34 Files
  • 26
    Jan 26th
    23 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close