Vulnerability Name:

CVE-2001-0381 (CCN-6558)

Assigned:2001-05-15
Published:2001-05-15
Updated:2017-07-11
Summary:The OpenPGP PGP standard allows an attacker to determine the private signature key via a cryptanalytic attack in which the attacker alters the encrypted private key file and captures a single message signed with the signature key.
CVSS v3 Severity:5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
References:Source: CALDERA
Type: UNKNOWN
CSSA-2001-017.0

Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-2001-017.0
gnupg - private key retrieval vulnerability

Source: BUGTRAQ
Type: Vendor Advisory
20010319 Have they found a serious PGP vulnerability?!

Source: CCN
Type: BugTraq Mailing List, Mon Mar 19 2001 - 18:42:49 CST
Have they found a serious PGP vulnerability?!

Source: BUGTRAQ
Type: Vendor Advisory
20010320 Yes, they have found a serious PGP vulnerability...sort of

Source: CCN
Type: BugTraq Mailing List, Tue Mar 20 2001 - 14:16:08 CST
Yes, they have found a serious PGP vulnerability...sort of

Source: CCN
Type: BugTraq Mailing List, Wed Mar 21 2001 - 03:36:01 CST
Re: Have they found a serious PGP vulnerability?!

Source: BUGTRAQ
Type: Vendor Advisory
20010322 Re: Yes, they have found a serious PGP vulnerability...sort of

Source: MITRE
Type: CNA
CVE-2001-0381

Source: CCN
Type: RHSA-2001-063
Updated gnupg packages available

Source: OSVDB
Type: UNKNOWN
11966

Source: CCN
Type: OSVDB ID: 11966
OpenPGP / PGP Secret Key Ring Modification Private Key Disclosure

Source: REDHAT
Type: UNKNOWN
RHSA-2001:063

Source: BID
Type: UNKNOWN
2673

Source: CCN
Type: BID-2673
OpenPGP Private Key Attack Vulnerability

Source: CCN
Type: TurboLinux Security Announcement TLSA2001028
gnupg

Source: XF
Type: UNKNOWN
openpgp-private-key-disclosure(6558)

Source: XF
Type: UNKNOWN
openpgp-private-key-disclosure(6558)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:pgp:openpgp:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:gnu:privacy_guard:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:privacy_guard:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:privacy_guard:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:privacy_guard:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:privacy_guard:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:pgp:personal_privacy:-:*:*:*:*:*:*:*
  • OR cpe:/a:openpgp:openpgp:*:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:6.5:*:*:*:server:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:6.0.5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    pgp openpgp *
    gnu privacy guard 1.0
    gnu privacy guard 1.0.1
    gnu privacy guard 1.0.2
    gnu privacy guard 1.0.3
    gnu privacy guard 1.0.4
    pgp personal privacy -
    openpgp openpgp *
    redhat linux 6.2
    redhat linux 7
    redhat linux 7.1
    turbolinux turbolinux 6.5
    turbolinux turbolinux 6.0.5
    redhat linux 7.2
    redhat linux 7.3