Vulnerability Name: | CVE-2001-0072 (CCN-5803) | ||||||||
Assigned: | 2000-12-20 | ||||||||
Published: | 2000-12-20 | ||||||||
Updated: | 2017-10-10 | ||||||||
Summary: | gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust. | ||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
References: | Source: CCN Type: BugTraq Mailing List, Wed Dec 20 2000 - 07:53:45 CST Trustix Security Advisory - gnupg, ftpd-BSD Source: MITRE Type: CNA CVE-2001-0072 Source: CONECTIVA Type: UNKNOWN CLA-2000:368 Source: CCN Type: Immunix OS Security Advisory IMNX-2001-70-018-01 gnupg Source: CCN Type: RHSA-2000-131 Updated gnupg packages now available Source: DEBIAN Type: UNKNOWN DSA-010-1 Source: MANDRAKE Type: UNKNOWN MDKSA-2000-087 Source: OSVDB Type: UNKNOWN 1702 Source: CCN Type: OSVDB ID: 1702 GnuPG Private Key Silent Import Source: REDHAT Type: UNKNOWN RHSA-2000:131 Source: BUGTRAQ Type: UNKNOWN 20001220 Trustix Security Advisory - gnupg, ftpd-BSD Source: BID Type: Patch, Vendor Advisory 2153 Source: CCN Type: BID-2153 GnuPG Silent Import of Secret Keys Vulnerability Source: CCN Type: MandrakeSoft Security Advisory MDKSA-2000:087 gnupg Source: XF Type: UNKNOWN gnupg-reveal-private(5803) Source: XF Type: UNKNOWN gnupg-reveal-private(5803) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: ![]() | ||||||||
BACK |