CVE-2001-0072 - OpenCVE

gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Gnu	Privacy Guard

Configuration 1 [-]

OR	cpe:2.3:a:gnu:privacy_guard:1.0:::::::*
	cpe:2.3:a:gnu:privacy_guard:1.0.1:::::::*
	cpe:2.3:a:gnu:privacy_guard:1.0.2:::::::*
	cpe:2.3:a:gnu:privacy_guard:1.0.3:::::::*
	cpe:2.3:a:gnu:privacy_guard:1.0.3b:::::::*

References

Link	Resource
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000368
http://www.debian.org/security/2000/20001225b
http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3
http://www.osvdb.org/1702
http://www.redhat.com/support/errata/RHSA-2000-131.html
http://www.securityfocus.com/archive/1/152197
http://www.securityfocus.com/bid/2153	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/5803

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2001-05-07T04:00:00

Updated: 2004-09-02T09:00:00

Reserved: 2001-02-01T00:00:00

Link: CVE-2001-0072

JSON object: View

NVD Information

Status : Modified

Published: 2001-02-12T05:00:00.000

Modified: 2017-10-10T01:29:34.407

Link: CVE-2001-0072

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2000-12-19T00:00:00", "descriptions": [{"lang": "en", "value": "gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2004-09-02T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "CLA-2000:368", "tags": ["vendor-advisory", "x_refsource_CONECTIVA"], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000368"}, {"name": "DSA-010-1", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2000/20001225b"}, {"name": "MDKSA-2000-087", "tags": ["vendor-advisory", "x_refsource_MANDRAKE"], "url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3"}, {"name": "2153", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/2153"}, {"name": "RHSA-2000:131", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2000-131.html"}, {"name": "gnupg-reveal-private(5803)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5803"}, {"name": "20001220 Trustix Security Advisory - gnupg, ftpd-BSD", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/152197"}, {"name": "1702", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/1702"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-0072", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "CLA-2000:368", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000368"}, {"name": "DSA-010-1", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2000/20001225b"}, {"name": "MDKSA-2000-087", "refsource": "MANDRAKE", "url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3"}, {"name": "2153", "refsource": "BID", "url": "http://www.securityfocus.com/bid/2153"}, {"name": "RHSA-2000:131", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2000-131.html"}, {"name": "gnupg-reveal-private(5803)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5803"}, {"name": "20001220 Trustix Security Advisory - gnupg, ftpd-BSD", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/152197"}, {"name": "1702", "refsource": "OSVDB", "url": "http://www.osvdb.org/1702"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-0072", "datePublished": "2001-05-07T04:00:00", "dateReserved": "2001-02-01T00:00:00", "dateUpdated": "2004-09-02T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E054978B-8466-4D12-B7DC-7E72CC57F0DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F38F964B-C5D1-4177-BD31-7AB4083CC431", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DF7811A-B254-4829-AED2-C70BD5C82592", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "72ED862B-6278-41ED-9619-115E6552AFBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.3b:*:*:*:*:*:*:*", "matchCriteriaId": "1869E888-E83C-4A62-AA84-F2C9F2AF12FB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust."}], "id": "CVE-2001-0072", "lastModified": "2017-10-10T01:29:34.407", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2001-02-12T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000368"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2000/20001225b"}, {"source": "cve@mitre.org", "url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/1702"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2000-131.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/152197"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/2153"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5803"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}