Vulnerability Name:

CVE-2013-4576 (CCN-89846)

Assigned:2013-12-18
Published:2013-12-18
Updated:2017-08-29
Summary:GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption.
Note: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
1.6 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
2.9 Low (REDHAT CVSS v2 Vector: AV:A/AC:M/Au:N/C:P/I:N/A:N)
2.1 Low (REDHAT Temporal CVSS v2 Vector: AV:A/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-255
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2013-4576

Source: MLIST
Type: Patch, Vendor Advisory
[gnupg-devel] 20131218 [Announce] [security fix] GnuPG 1.4.16 released

Source: OSVDB
Type: UNKNOWN
101170

Source: CCN
Type: RHSA-2014-0016
Moderate: gnupg security update

Source: REDHAT
Type: UNKNOWN
RHSA-2014:0016

Source: CCN
Type: oss-sec Mailing List, TWed, 18 Dec 2013 20:14:58 +0400
GnuPG 1.4.16 fixes RSA key extraction via acoustic side channel (CVE-2013-4576)

Source: MLIST
Type: UNKNOWN
[oss-security] 20131218 GnuPG 1.4.16 fixes RSA key extraction via acoustic side channel (CVE-2013-4576)

Source: MLIST
Type: UNKNOWN
[oss-security] 20131218 Re: GnuPG 1.4.16 fixes RSA key extraction via acoustic side channel (CVE-2013-4576)

Source: MISC
Type: UNKNOWN
http://www.cs.tau.ac.il/~tromer/acoustic/

Source: DEBIAN
Type: UNKNOWN
DSA-2821

Source: CCN
Type: GnuPG Web site
The GNU Privacy Guard

Source: CCN
Type: OSVDB ID: 101170
GnuPG Computer Processor 4096-bit RSA Key Acoustic Cryptanalysis Compromise

Source: BID
Type: UNKNOWN
64424

Source: CCN
Type: BID-64424
GnuPG RSA Key Extraction Information Disclosure Vulnerability

Source: SECTRACK
Type: UNKNOWN
1029513

Source: MISC
Type: UNKNOWN
http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf

Source: UBUNTU
Type: UNKNOWN
USN-2059-1

Source: XF
Type: UNKNOWN
gunpg-cve20134576-info-disclosure(89846)

Source: XF
Type: UNKNOWN
gunpg-cve20134576-info-disclosure(89846)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-4576

Vulnerable Configuration:Configuration 1:
  • cpe:/a:gnupg:gnupg:1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.0.4:-:win32:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.0.5:-:win32:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.2.1:windows:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.3.90:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.3.91:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.3.92:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.3.93:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.4:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.4.4:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.4.5:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.4.6:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.4.8:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.4.10:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.4.11:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.4.12:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.4.13:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:1.4.14:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:gnupg:*:*:*:*:*:*:*:* (Version <= 1.4.15)

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:gnupg:gnupg:1.4.15:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:20478
    P
    		USN-2059-1 -- gnupg vulnerability
    2014-07-07
    oval:org.mitre.oval:def:21251
    P
    		RHSA-2014:0016: gnupg security update (Moderate)
    2014-06-30
    oval:org.mitre.oval:def:20781
    P
    		DSA-2821-1 gnupg - side channel attack
    2014-06-23
    oval:org.mitre.oval:def:23305
    P
    		ELSA-2014:0016: gnupg security update (Moderate)
    2014-05-26
    oval:com.redhat.rhsa:def:20140016
    P
    		RHSA-2014:0016: gnupg security update (Moderate)
    2014-01-08
    oval:com.ubuntu.precise:def:20134576000
    V
    		CVE-2013-4576 on Ubuntu 12.04 LTS (precise) - medium.
    2013-12-20
    BACK
    gnupg gnupg 1.0.0
    gnupg gnupg 1.0.1
    gnupg gnupg 1.0.2
    gnupg gnupg 1.0.3
    gnupg gnupg 1.0.4
    gnupg gnupg 1.0.4 -
    gnupg gnupg 1.0.5
    gnupg gnupg 1.0.5 -
    gnupg gnupg 1.0.6
    gnupg gnupg 1.0.7
    gnupg gnupg 1.2.0
    gnupg gnupg 1.2.1
    gnupg gnupg 1.2.1 windows
    gnupg gnupg 1.2.2
    gnupg gnupg 1.2.3
    gnupg gnupg 1.2.4
    gnupg gnupg 1.2.5
    gnupg gnupg 1.2.6
    gnupg gnupg 1.2.7
    gnupg gnupg 1.3.0
    gnupg gnupg 1.3.1
    gnupg gnupg 1.3.2
    gnupg gnupg 1.3.3
    gnupg gnupg 1.3.4
    gnupg gnupg 1.3.6
    gnupg gnupg 1.3.90
    gnupg gnupg 1.3.91
    gnupg gnupg 1.3.92
    gnupg gnupg 1.3.93
    gnupg gnupg 1.4
    gnupg gnupg 1.4.0
    gnupg gnupg 1.4.2
    gnupg gnupg 1.4.3
    gnupg gnupg 1.4.4
    gnupg gnupg 1.4.5
    gnupg gnupg 1.4.6
    gnupg gnupg 1.4.8
    gnupg gnupg 1.4.10
    gnupg gnupg 1.4.11
    gnupg gnupg 1.4.12
    gnupg gnupg 1.4.13
    gnupg gnupg 1.4.14
    gnupg gnupg *
    gnupg gnupg 1.4.15
    redhat enterprise linux 5
    redhat enterprise linux 5