SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   GnuPG (Gnu Privacy Guard) Vendors:   Gnupg.org
GnuPG Incorrect Processing of Key Flags Subpacket May Let Users Bypass Security Controls
SecurityTracker Alert ID:  1029243
SecurityTracker URL:  http://securitytracker.com/id/1029243
CVE Reference:   CVE-2013-4351   (Links to External Site)
Date:  Oct 24 2013
Impact:   Modification of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in GnuPG. A remote user may be able to bypass security controls.

When a key or subkey has all bits of the "key flags" subpacket cleared (off), the key is processed as if all bits are set (on). In some cases, an identity verification error may occur or a key may be used incorrectly.

Impact:   A remote user may be able to bypass security controls.
Solution:   The vendor has issued a fix.
Vendor URL:  gnupg.org/ (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Oct 25 2013 (Red Hat Issues Fix) GnuPG Incorrect Processing of Key Flags Subpacket May Let Users Bypass Security Controls
Red Hat has issued a fix for Red Hat Enterprise Linux 5.
Oct 25 2013 (Red Hat Issues Fix) GnuPG Incorrect Processing of Key Flags Subpacket May Let Users Bypass Security Controls
Red Hat has issued a fix for gnupg2 for Red Hat Enterprise Linux 5 and 6.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC