GNU Privacy Guard up to 1.2.1 Key Validation authentication spoofing
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.9 | $0-$5k | 0.00 |
Summary
A vulnerability identified as critical has been detected in GNU Privacy Guard up to 1.2.1. Affected by this vulnerability is an unknown functionality of the component Key Validation Handler. This manipulation causes authentication spoofing. The identification of this vulnerability is CVE-2003-0255. Furthermore, there is an exploit available. You should upgrade the affected component.
Details
A vulnerability classified as critical was found in GNU Privacy Guard up to 1.2.1. Affected by this vulnerability is some unknown functionality of the component Key Validation Handler. The manipulation with an unknown input leads to a authentication spoofing vulnerability. The CWE definition for the vulnerability is CWE-290. This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks. As an impact it is known to affect confidentiality, and integrity. The summary by CVE is:
The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path.
The bug was discovered 05/03/2003. The weakness was shared 05/03/2003 by David Shaw as confirmed advisory (CERT.org). The advisory is shared at kb.cert.org. This vulnerability is known as CVE-2003-0255 since 05/06/2003. The exploitation appears to be easy. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Technical details are unknown but an exploit is available.
After immediately, there has been an exploit disclosed. It is declared as proof-of-concept. The vulnerability was handled as a non-public zero-day exploit for at least 1 days. During that time the estimated underground price was around $0-$5k. The vulnerability scanner Nessus provides a plugin with the ID 14044 (Mandrake Linux Security Advisory : gnupg (MDKSA-2003:061)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Mandriva Local Security Checks and running in the context l.
Upgrading to version 1.2.2 eliminates this vulnerability. A possible mitigation has been published 3 weeks after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (11930), Tenable (14044), SecurityFocus (BID 7497†), OSVDB (4947†) and Vulnerability Center (SBV-8623†). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Vendor
Name
Version
License
Website
- Vendor: https://www.gnu.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.5VulDB Meta Temp Score: 5.9
VulDB Base Score: 6.5
VulDB Temp Score: 5.9
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Authentication spoofingCWE: CWE-290 / CWE-287
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 14044
Nessus Name: Mandrake Linux Security Advisory : gnupg (MDKSA-2003:061)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Nessus Port: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Exploit Delay Time: 🔍
Upgrade: Privacy Guard 1.2.2
Timeline
05/03/2003 🔍05/03/2003 🔍
05/03/2003 🔍
05/03/2003 🔍
05/05/2003 🔍
05/06/2003 🔍
05/22/2003 🔍
05/27/2003 🔍
03/17/2004 🔍
07/31/2004 🔍
07/24/2005 🔍
08/11/2014 🔍
12/26/2024 🔍
Sources
Vendor: gnu.orgAdvisory: kb.cert.org
Researcher: David Shaw
Status: Confirmed
CVE: CVE-2003-0255 (🔍)
GCVE (CVE): GCVE-0-2003-0255
GCVE (VulDB): GCVE-100-20449
OVAL: 🔍
CERT: 🔍
X-Force: 11930
SecurityFocus: 7497 - GNU Privacy Guard Insecure Trust Path To User ID Weakness
OSVDB: 4947 - GnuPG Multiple Userid Key Validity
Vulnerability Center: 8623 - GnuPG < 1.2.2 Does Not Determine Validity of Keys with Multiple User IDs, Critical
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 08/11/2014 23:56Updated: 12/26/2024 13:13
Changes: 08/11/2014 23:56 (78), 06/07/2019 09:22 (2), 12/26/2024 13:13 (17)
Complete: 🔍
Cache ID: 216::103
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
No comments yet. Languages: en.
Please log in to comment.