From 053cdd10d995f1d12fa9b4ce006c19fb05fc9c82 Mon Sep 17 00:00:00 2001 From: "Simon L. B. Nielsen" Date: Sun, 31 Jul 2005 13:23:50 +0000 Subject: [PATCH] Document gnupg -- OpenPGP symmetric encryption vulnerability. Note: this is mainly a theoretical vulnerability. --- security/vuxml/vuln.xml | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 3601f3525f3f..ab09eb2ba39e 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,43 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> + + gnupg -- OpenPGP symmetric encryption vulnerability + + + gnupg + 1.4.1 + + + + +

Serge Mister and Robert Zuccherato reports that the OpenPGP + protocol is vulnerable to a cryptographic attack when using + symmetric encryption in an automated way.

+

David Shaw reports about the impact:

+
+

This attack, while very significant from a cryptographic + point of view, is not generally effective in the real + world. To be specific, unless you have your OpenPGP + program set up as part of an automated system to accept + encrypted messages, decrypt them, and then provide a + response to the submitter, then this does not affect you + at all.

+
+ +
+ + 303094 + CAN-2005-0366 + http://eprint.iacr.org/2005/033 + http://lists.gnupg.org/pipermail/gnupg-announce/2005q1/000191.html + + + 2005-02-08 + 2005-07-31 + +
+ vim -- vulnerabilities in modeline handling: glob, expand
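Review bot: The first sentence of the added description has a subject-verb mismatch: "Serge Mister and Robert Zuccherato reports" should read "report", and "David Shaw reports about the impact" would read better as "David Shaw comments on the impact". The summary paragraph also says only "a cryptographic attack when using symmetric encryption in an automated way", while the actual exposure condition appears solely in the quoted text (a setup that accepts encrypted messages, decrypts them, and then provides a response to the submitter). Consider stating that precondition in the entry's own summary sentence, so that someone skimming the description can judge exposure without reading the quote. The commit message's note that this is mainly theoretical would then be reflected in the entry itself.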