ElGamal sign+encrypt keys created by GnuPG can be compromised gnupg 1.0.21.2.3_4

Any ElGamal sign+encrypt keys created by GnuPG contain a cryptographic weakness that may allow someone to obtain the private key. These keys should be considered unusable and should be revoked.

The following summary was written by Werner Koch, GnuPG author:

Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal keys for signing. This is a significant security failure which can lead to a compromise of almost all ElGamal keys used for signing. Note that this is a real world vulnerability which will reveal your private key within a few seconds.

...

Please take immediate action and revoke your ElGamal signing keys. Furthermore you should take whatever measures necessary to limit the damage done for signed or encrypted documents using that key.

Note that the standard keys as generated by GnuPG (DSA and ElGamal encryption) as well as RSA keys are NOT vulnerable. Note also that ElGamal signing keys cannot be generated without the use of a special flag to enable hidden options and even then overriding a warning message about this key type. See below for details on how to identify vulnerable keys.

CVE-2003-0971 http://lists.gnupg.org/pipermail/gnupg-devel/2003-November/020570.html 2003-11-27 2003-12-12 bind8 negative cache poison attack bind 8.38.3.7 8.48.4.3 FreeBSD 5.15.1_11 5.05.0_19 4.94.9_1 4.84.8_14 4.74.7_24 4.64.6.2_27 4.54.5_37 4.4_47

A programming error in BIND 8 named can result in a DNS message being incorrectly cached as a negative response. As a result, an attacker may arrange for malicious DNS messages to be delivered to a target name server, and cause that name server to cache a negative response for some target domain name. The name server would thereafter respond negatively to legitimate queries for that domain name, resulting in a denial-of-service for applications that require DNS.

CVE-2003-0914 SA-03:19.bind 734644 2003-11-28 2003-12-12 2004-05-05 Mathopd buffer overflow mathopd 1.4p2

Mathopd contains a buffer overflow in the prepare_reply() function that may be remotely exploitable.

http://www.mail-archive.com/mathopd%40mathopd.org/msg00136.html 2003-12-04 2003-12-12 lftp HTML parsing vulnerability lftp 2.6.10

A buffer overflow exists in lftp which may be triggered when requesting a directory listing from a malicious server over HTTP.

CVE-2003-0963 http://lftp.yar.ru/news.html#2.6.10 2003-12-11 2003-12-12 qpopper format string vulnerability qpopper 2.53_1

An authenticated user may trigger a format string vulnerability present in qpopper's UIDL code, resulting in arbitrary code execution with group ID `mail' privileges.

1241 CVE-2000-0442 http://www.netsys.com/suse-linux-security/2000-May/att-0137/01-b0f5-Qpopper.txt 2000-05-23 2003-12-12 fetchmail -- address parsing vulnerability fetchmail 6.2.0

Fetchmail can be crashed by a malicious email message.

http://security.e-matters.de/advisories/052002.html 2003-10-25 2003-10-25 2012-09-04 Buffer overflow in pam_smb password handling pam_smb 1.9.9_3

Applications utilizing pam_smb can be compromised by any user who can enter a password. In many cases, this is a remote root compromise.

http://www.skynet.ie/~airlied/pam_smb/ CVE-2003-0686 2003-10-25 2003-10-25 2003-10-25 Buffer overflows in libmcrypt libmcrypt 2.5.6

libmcrypt does incomplete input validation, leading to several buffer overflows. Additionally, a memory leak is present. Both of these problems may be exploited in a denial-of-service attack.

http://marc.theaimsgroup.com/?l=bugtraq&m=104162752401212&w=2 CVE-2003-0031 CVE-2003-0032 2003-10-25 2003-10-25 2003-10-25