Detections
Analytics

Fedora 20 : gnupg-1.4.16-2.fc20 (2013-23603)

low Nessus Plugin ID 71597

Language:

Synopsis

The remote Fedora host is missing a security update.

Description

What's New ===========

 - Fixed the RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis attack as described by Genkin, Shamir, and Tromer. See <http://www.cs.tau.ac.il/~tromer/acoustic/>.[CVE-2013-45 76]

 - Put only the major version number by default into armored output.

 - Do not create a trustdb file if --trust-model=always is used.

 - Print the keyid for key packets with --list-packets.

 - Changed modular exponentiation algorithm to recover from a small performance loss due to a change in 1.4.14.

Impact of the security problem ==============================

CVE-2013-4576 has been assigned to this security bug.

The paper describes two attacks.The first attack allows to distinguish keys: An attacker is able to notice which key is currently used for decryption.This is in general not a problem but may be used to reveal the information that a message, encrypted to a commonly not used key, has been received by the targeted machine.We do not have a software solution to mitigate this attack.

The second attack is more serious. It is an adaptive chosen ciphertext attack to reveal the private key. A possible scenario is that the attacker places a sensor (for example a standard smartphone) in the vicinity of the targeted machine. That machine is assumed to do unattended RSA decryption of received mails, for example by using a mail client which speeds up browsing by opportunistically decrypting mails expected to be read soon.While listening to the acoustic emanations of the targeted machine, the smartphone will send new encrypted messages to that machine and re-construct the private key bit by bit.A 4096 bit RSA key used on a laptop can be revealed within an hour.

GnuPG 1.4.16 avoids this attack by employing RSA blinding during decryption.GnuPG 2.x and current Gpg4win versions make use of Libgcrypt which employs RSA blinding anyway and are thus not vulnerable.

For the highly interesting research on acoustic cryptanalysis and the details of the attack see http://www.cs.tau.ac.il/~tromer/acoustic/ .

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected gnupg package.

See Also

http://www.cs.tau.ac.il/~tromer/acoustic/

https://bugzilla.redhat.com/show_bug.cgi?id=1044402

http://www.nessus.org/u?b6d204ed

Plugin Details

Severity: Low

ID: 71597

File Name: fedora_2013-23603.nasl

Version: 1.6

Type: local

Agent: unix

Published: 12/23/2013

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:gnupg, cpe:/o:fedoraproject:fedora:20

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 12/20/2013

Reference Information

BID: 64424

FEDORA: 2013-23603