Ubuntu 4.10 / 5.04 : gnupg vulnerability (USN-170-1)

medium Nessus Plugin ID 20577

Synopsis

The remote Ubuntu host is missing a security-related patch.

Description

Serge Mister and Robert Zuccherato discovered a weakness of the symmetrical encryption algorithm of gnupg. When decrypting a message, gnupg uses a feature called 'quick scan'; this can quickly check whether the key that is used for decryption is (probably) the right one, so that wrong keys can be determined quickly without decrypting the whole message.

A failure of the quick scan will be determined much faster than a successful one. Mister/Zuccherato demonstrated that this timing difference can be exploited to an attack which allows an attacker to decrypt parts of an encrypted message if an 'oracle' is available, i.
e. an automatic system that receives random encrypted messages from the attacker and answers whether it passes the quick scan check.

However, since the attack requires a huge amount of oracle answers (about 32.000 for every 16 bytes of ciphertext), this attack is mostly theoretical. It does not have any impact on human operation of gnupg and is not believed to be exploitable in practice.

The updated packages disable the quick check, which renders this timing attack impossible.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected gnupg package.

Plugin Details

Severity: Medium

ID: 20577

File Name: ubuntu_USN-170-1.nasl

Version: 1.15

Type: local

Agent: unix

Published: 1/15/2006

Updated: 1/19/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/o:canonical:ubuntu_linux:4.10, cpe:/o:canonical:ubuntu_linux:5.04, p-cpe:/a:canonical:ubuntu_linux:gnupg

Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l

Patch Publication Date: 8/19/2005

Reference Information

CVE: CVE-2005-0366

USN: 170-1