Executive Summary

Informations
Name MDVSA-2014:176 First vendor Publication 2014-09-05
Vendor Mandriva Last vendor Modification 2014-09-05
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score 2.1 Attack Range Local
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Updated libgcrypt packages fix security vulnerability:

The libgcrypt library before version 1.5.4 is vulnerable to an ELGAMAL side-channel attack (CVE-2014-5270).

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2014:176

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-200 Information Exposure

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:25845
 
Oval ID: oval:org.mitre.oval:def:25845
Title: USN-2339-2 -- libgcrypt11 vulnerability
Description: Libgcrypt could expose sensitive information when performing decryption.
Family: unix Class: patch
Reference(s): USN-2339-2
CVE-2014-5270
Version: 3
Platform(s): Ubuntu 14.04
Ubuntu 12.04
Ubuntu 10.04
Product(s): libgcrypt11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26547
 
Oval ID: oval:org.mitre.oval:def:26547
Title: SUSE-SU-2014:1077-1 -- Security update for libgcrypt
Description: This libgcrypt update fixes the following security issue: * bnc#892464: Side-channel attack on Elgamal encryption subkeys. (CVE-2014-5270) Security Issues: * CVE-2014-5270 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5270>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1077-1
CVE-2014-5270
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): libgcrypt
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26710
 
Oval ID: oval:org.mitre.oval:def:26710
Title: DSA-3024-1 gnupg - security update
Description: Genkin, Pipman and Tromer discovered a side-channel attack on Elgamal encryption subkeys (<a href="https://security-tracker.debian.org/tracker/CVE-2014-5270">CVE-2014-5270</a>).
Family: unix Class: patch
Reference(s): DSA-3024-1
CVE-2014-5270
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): gnupg
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26749
 
Oval ID: oval:org.mitre.oval:def:26749
Title: USN-2339-1 -- gnupg vulnerability
Description: GnuPG could expose sensitive information when performing decryption.
Family: unix Class: patch
Reference(s): USN-2339-1
CVE-2014-5270
Version: 3
Platform(s): Ubuntu 12.04
Ubuntu 10.04
Product(s): gnupg
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27968
 
Oval ID: oval:org.mitre.oval:def:27968
Title: DSA-3073-1 -- libgcrypt11 security update
Description: Daniel Genkin, Itamar Pipman and Eran Tromer discovered that Elgamal encryption subkeys in applications using the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side-channel attack.
Family: unix Class: patch
Reference(s): DSA-3073-1
CVE-2014-5270
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): libgcrypt11
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 9
Os 1

Nessus® Vulnerability Scanner

Date Description
2015-08-05 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-577.nasl - Type : ACT_GATHER_INFO
2015-04-02 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2554-1.nasl - Type : ACT_GATHER_INFO
2015-03-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-154.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-93.nasl - Type : ACT_GATHER_INFO
2014-11-17 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3073.nasl - Type : ACT_GATHER_INFO
2014-09-23 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2014-180.nasl - Type : ACT_GATHER_INFO
2014-09-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3024.nasl - Type : ACT_GATHER_INFO
2014-09-12 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-176.nasl - Type : ACT_GATHER_INFO
2014-09-04 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2339-1.nasl - Type : ACT_GATHER_INFO
2014-09-04 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2339-2.nasl - Type : ACT_GATHER_INFO
2014-09-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libgcrypt-devel-140819.nasl - Type : ACT_GATHER_INFO
2014-08-30 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201408-10.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2014-10-11 00:27:53
  • Multiple Updates
2014-10-10 09:29:50
  • Multiple Updates
2014-09-13 13:43:12
  • Multiple Updates
2014-09-05 17:21:28
  • First insertion