Vulnerability Name:

CVE-2014-5270 (CCN-95206)

Assigned: 2014-08-11
Published: 2014-08-11
Updated: 2017-11-04
Summary: Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.
CVSS v3 Severity: 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:
  Attack Vector (AV): Local
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): Low
  Integrity (I): None
  Availability (A): None
CVSS v2 Severity: 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
1.6 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Local
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): None
  Availability (A): None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Local
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): None
  Availability (A): None
Vulnerability Type: CWE-200
Vulnerability Consequences: Obtain Information
References:

Source: MITRE
Type: CNA
CVE-2014-5270

Source: MLIST
Type: Patch, Vendor Advisory
[gnupg-announce] 20140808 [security fix] Libgcrypt and GnuPG

Source: CCN
Type: oss-security Mailing List, Sat, 16 Aug 2014 00:58:11 -0400 (EDT)
Re: CVE request: libgcrypt, ELGAMAL side-channel attack

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20140816 Re: CVE request: libgcrypt, ELGAMAL side-channel attack

Source: CCN
Type: oss-security Mailing List, Mon, 11 Aug 2014 14:50:13 +1000
CVE request: libgcrypt, ELGAMAL side-channel attack

Source: MISC
Type: Technical Description
http://www.cs.tau.ac.il/~tromer/handsoff/

Source: DEBIAN
Type: UNKNOWN
DSA-3024

Source: DEBIAN
Type: Third Party Advisory
DSA-3073

Source: CCN
Type: GNU Web site
libgcrypt

Source: CCN
Type: BID-69164
libgcrypt Elgamal Encryption Subkeys Information Disclosure Vulnerability

Source: CCN
Type: Red Hat Bugzilla Bug 1128531
libgcrypt: ELGAMAL side-channel attack

Source: XF
Type: UNKNOWN
libgcrypt-subkeys-info-disc(95206)

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:gnupg:libgcrypt:1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:libgcrypt:1.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:libgcrypt:1.4.4:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:libgcrypt:1.4.5:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:libgcrypt:1.4.6:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:libgcrypt:1.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:libgcrypt:1.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:libgcrypt:1.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnupg:libgcrypt:*:*:*:*:*:*:*:* (Version <= 1.5.3)

Configuration 2:
  • cpe:/o:debian:debian_linux:7.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20145270 | V | CVE-2014-5270 | 2022-09-02
oval:org.opensuse.security:def:33112 | P | Security update for python-numpy (Moderate) (in QA) | 2022-01-17
oval:org.opensuse.security:def:34017 | P | Security update for chrony (Moderate) | 2021-12-22
oval:org.opensuse.security:def:30280 | P | Security update for openssh (Important) | 2021-12-06
oval:org.opensuse.security:def:55977 | P | Security update for xen (Moderate) | 2021-11-29
oval:org.opensuse.security:def:26163 | P | Security update for bind (Important) | 2021-11-11
oval:org.opensuse.security:def:33982 | P | Security update for glibc (Moderate) | 2021-10-06
oval:org.opensuse.security:def:30127 | P | Security update for openssl (Low) | 2021-09-20
oval:org.opensuse.security:def:34535 | P | Security update for java-1_7_0-openjdk (Moderate) | 2021-09-09
oval:org.opensuse.security:def:55939 | P | Security update for python-PyYAML (Important) | 2021-08-24
oval:org.opensuse.security:def:33702 | P | Security update for cpio (Important) | 2021-08-23
oval:org.opensuse.security:def:56058 | P | Security update for cpio (Important) | 2021-08-23
oval:org.opensuse.security:def:31666 | P | Security update for MozillaFirefox (Important) | 2021-08-17
oval:org.opensuse.security:def:33691 | P | Security update for qemu (Important) | 2021-07-28
oval:org.opensuse.security:def:34491 | P | Security update for qemu (Important) | 2021-07-22
oval:org.opensuse.security:def:33690 | P | Security update for linuxptp (Important) | 2021-07-21
oval:org.opensuse.security:def:31654 | P | Security update for MozillaFirefox (Important) | 2021-07-16
oval:org.opensuse.security:def:33943 | P | Security update for MozillaFirefox (Important) | 2021-07-16
oval:org.opensuse.security:def:55214 | P | Security update for libgcrypt (Important) | 2021-06-24
oval:org.opensuse.security:def:26079 | P | Security update for gupnp (Important) | 2021-06-18
oval:org.opensuse.security:def:34466 | P | Security update for java-1_8_0-openjdk (Moderate) | 2021-06-15
oval:org.opensuse.security:def:26074 | P | Security update for freeradius-server (Moderate) | 2021-06-11
oval:org.opensuse.security:def:36188 | P | libgcrypt11-1.5.0-0.17.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:33921 | P | Security update for the Linux Kernel (Important) | 2021-06-08
oval:org.opensuse.security:def:32937 | P | Security update for MozillaFirefox (Important) | 2021-06-08
oval:org.opensuse.security:def:36449 | P | libgcrypt-devel-1.5.0-0.17.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:42595 | P | libgcrypt11-1.5.0-0.17.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:32108 | P | Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important) | 2021-06-04
oval:org.opensuse.security:def:34427 | P | Security update for libxml2 (Moderate) | 2021-05-05
oval:org.opensuse.security:def:31161 | P | Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important) | 2021-04-28
oval:org.opensuse.security:def:55865 | P | Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP2) (Important) | 2021-03-17
oval:org.opensuse.security:def:33785 | P | Security update for glib2 (Important) | 2021-03-16
oval:org.opensuse.security:def:30041 | P | Security update for glib2 (Important) | 2021-03-16
oval:org.opensuse.security:def:33093 | P | Security update for git (Important) | 2021-03-09
oval:org.opensuse.security:def:31740 | P | Security update for the Linux Kernel (Important) | 2021-03-09
oval:org.opensuse.security:def:32264 | P | Security update for perl-XML-Twig (Moderate) | 2021-03-01
oval:org.opensuse.security:def:26202 | P | Security update for MozillaFirefox (Important) | 2021-03-01
oval:org.opensuse.security:def:31655 | P | Security update for MozillaFirefox (Important) | 2021-01-29
oval:org.opensuse.security:def:54697 | P | Security update for clamav (Important) | 2020-12-22
oval:org.opensuse.security:def:55773 | P | Security update for mutt (Important) | 2020-12-07
oval:org.opensuse.security:def:34320 | P | Security update for python3 (Important) | 2020-12-02
oval:org.opensuse.security:def:27296 | P | strongswan on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29897 | P | Security update for krb5 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27759 | P | Security update for gnutls (Moderate) | 2020-12-01
oval:org.opensuse.security:def:54534 | P | libasan2-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32564 | P | libpython2_6-1_0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27024 | P | radvd on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29256 | P | Security update for tomcat6 (Important) | 2020-12-01
oval:org.opensuse.security:def:27638 | P | Security update for pcp | 2020-12-01
oval:org.opensuse.security:def:30335 | P | Security update for tomcat6 (Important) | 2020-12-01
oval:org.opensuse.security:def:32430 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:28476 | P | Security update for xorg-x11-server (Important) | 2020-12-01
oval:org.opensuse.security:def:55108 | P | fontconfig on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26469 | P | Security update for phpMyAdmin (Important) | 2020-12-01
oval:org.opensuse.security:def:28745 | P | Security update for libgcrypt | 2020-12-01
oval:org.opensuse.security:def:26575 | P | krb5-doc on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28014 | P | Security update for audiofile (Moderate) | 2020-12-01
oval:org.opensuse.security:def:57334 | P | Security update for Mozilla Firefox | 2020-12-01
oval:org.opensuse.security:def:25738 | P | Security update for libxslt (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26549 | P | ft2demos on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28901 | P | Security update for flash-player (Important) | 2020-12-01
oval:org.opensuse.security:def:27295 | P | star on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29765 | P | Security update for glibc (Important) | 2020-12-01
oval:org.opensuse.security:def:32021 | P | Security update for kernel-firmware (Moderate) | 2020-12-01
oval:org.opensuse.security:def:34378 | P | Security update for tiff (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26774 | P | libxml2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32486 | P | amavisd-new on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26975 | P | libtiff3 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29212 | P | Security update for patch (Important) | 2020-12-01
oval:org.opensuse.security:def:33151 | P | libgcrypt11 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26010 | P | Security update for libvirt (Important) | 2020-12-01
oval:org.opensuse.security:def:27581 | P | xorg-x11-devel-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32408 | P | Security update for wget (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27186 | P | libgcrypt11 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28465 | P | Security update for xorg-x11-libXdmcp (Moderate) | 2020-12-01
oval:org.opensuse.security:def:54935 | P | libsystemd0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26455 | P | Security update for chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:28710 | P | Security update for icedtea-web | 2020-12-01
oval:org.opensuse.security:def:26424 | P | Security update for enigmail (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27975 | P | Security update for LibVNCServer (Moderate) | 2020-12-01
oval:org.opensuse.security:def:30486 | P | Security update for CUPS | 2020-12-01
oval:org.opensuse.security:def:25737 | P | Security update for libpng12 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26421 | P | Security update for hdf5 (Important) | 2020-12-01
oval:org.opensuse.security:def:28817 | P | Security update for Python | 2020-12-01
oval:org.opensuse.security:def:33261 | P | strongswan on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29692 | P | Security update for expat (Important) | 2020-12-01
oval:org.opensuse.security:def:31964 | P | Security update for icu (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26730 | P | krb5-doc on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29930 | P | Security update for libgcrypt | 2020-12-01
oval:org.opensuse.security:def:32475 | P | Security update for xscreensaver (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26022 | P | Security update for icu (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26922 | P | java-1_7_0-ibm on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29195 | P | Security update for openldap2 (Important) | 2020-12-01
oval:org.opensuse.security:def:25999 | P | Security update for zziplib (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27499 | P | libwebkit-1_0-1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32369 | P | Security update for tar (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27151 | P | jakarta-commons-httpclient3 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28464 | P | Security update for xorg-x11-libX11 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32850 | P | e2fsprogs on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26416 | P | Security update for nginx (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27121 | P | fastjar on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26340 | P | Recommended update for openjpeg (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27926 | P | Security update for GraphicsMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:30442 | P | Security update for zsh (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26357 | P | Security update for enigmail (Important) | 2020-12-01
oval:org.opensuse.security:def:28760 | P | Security update for pulseaudio | 2020-12-01
oval:org.opensuse.security:def:55665 | P | Security update for libpng16 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33238 | P | procmail on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27447 | P | libgcrypt-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29681 | P | Security update for ecryptfs-utils (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31872 | P | Security update for curl (Important) | 2020-12-01
oval:org.opensuse.security:def:34163 | P | Security update for openssl (Important) | 2020-12-01
oval:org.opensuse.security:def:26716 | P | gvim on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29894 | P | Security update for krb5 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32474 | P | Security update for xorg-x11-server (Important) | 2020-12-01
oval:org.opensuse.security:def:25941 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:26771 | P | libvirt on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29156 | P | Security update for libtirpc, rpcbind (Important) | 2020-12-01
oval:org.opensuse.security:def:25998 | P | Security update for libreoffice (Important) | 2020-12-01
oval:org.opensuse.security:def:27371 | P | augeas-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32320 | P | Security update for rzsz (Moderate) | 2020-12-01
oval:org.opensuse.security:def:54557 | P | libipa_hbac0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32793 | P | system-config-printer on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26367 | P | Security update for MozillaThunderbird (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27077 | P | acpid on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26283 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:27873 | P | Security update for quagga | 2020-12-01
oval:org.opensuse.security:def:30423 | P | Security update for xorg-x11-libXt | 2020-12-01
oval:org.opensuse.security:def:26346 | P | Security update for irssi (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28675 | P | Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important) | 2020-12-01
oval:org.opensuse.security:def:55380 | P | rzsz on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33199 | P | logwatch on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27412 | P | glibc-html on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29680 | P | Security update for ecryptfs-utils | 2020-12-01
oval:org.opensuse.security:def:34074 | P | Security update for libxml2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26677 | P | clamav on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28072 | P | Security update for freeradius-server (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25813 | P | Security update for libssh (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26687 | P | e2fsprogs on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29107 | P | Security update for java-1_6_0-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:35213 | P | Security update for libgcrypt | 2020-12-01
oval:org.opensuse.security:def:27307 | P | tcpdump on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29984 | P | Security update for libsoup (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27794 | P | Security update for libgcrypt | 2020-12-01
oval:org.opensuse.security:def:54535 | P | libblkid1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32699 | P | ldapsmb on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26314 | P | Security update for iperf (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27063 | P | xterm on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31124 | P | Security update for kvm (Important) | 2020-12-01
oval:org.opensuse.security:def:27722 | P | Security update for dhcp (Moderate) | 2020-12-01
oval:org.opensuse.security:def:30384 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:33305 | P | yast2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26345 | P | Security update for libgit2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28544 | P | Security update for Mozilla Firefox | 2020-12-01
oval:org.opensuse.security:def:33150 | P | libgcc_s1-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26513 | P | Security update for chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:26628 | P | perl-HTML-Parser on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28028 | P | Security update for bind (Moderate) | 2020-12-01
oval:org.opensuse.security:def:57408 | P | Security update for libgcrypt | 2020-12-01
oval:org.opensuse.security:def:25749 | P | Security update for pidgin (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26630 | P | perl-spamassassin on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29053 | P | Security update for bind (Important) | 2020-12-01
oval:org.opensuse.security:def:35173 | P | Security update for krb5 (Moderate) | 2020-12-01
oval:org.mitre.oval:def:27968 | P | DSA-3073-1 -- libgcrypt11 security update | 2015-01-26
oval:org.mitre.oval:def:26710 | P | DSA-3024-1 gnupg - security update | 2014-11-10
oval:org.mitre.oval:def:26547 | P | SUSE-SU-2014:1077-1 -- Security update for libgcrypt | 2014-11-10
oval:org.mitre.oval:def:26749 | P | USN-2339-1 -- gnupg vulnerability | 2014-10-27
oval:org.mitre.oval:def:25845 | P | USN-2339-2 -- libgcrypt11 vulnerability | 2014-10-27
oval:com.ubuntu.precise:def:20145270000 | V | CVE-2014-5270 on Ubuntu 12.04 LTS (precise) - medium. | 2014-10-09
oval:com.ubuntu.trusty:def:20145270000 | V | CVE-2014-5270 on Ubuntu 14.04 LTS (trusty) - medium. | 2014-10-09
oval:org.opensuse.security:def:80042 | P | Security update for libgcrypt | 2014-08-20

    gnupg libgcrypt 1.4.0
    gnupg libgcrypt 1.4.3
    gnupg libgcrypt 1.4.4
    gnupg libgcrypt 1.4.5
    gnupg libgcrypt 1.4.6
    gnupg libgcrypt 1.5.0
    gnupg libgcrypt 1.5.1
    gnupg libgcrypt 1.5.2
    gnupg libgcrypt *
    debian debian linux 7.0