Описание
gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.
gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2001-0072
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5803
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000368
- http://www.debian.org/security/2000/20001225b
- http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3
- http://www.osvdb.org/1702
- http://www.redhat.com/support/errata/RHSA-2000-131.html
- http://www.securityfocus.com/archive/1/152197
- http://www.securityfocus.com/bid/2153
EPSS
CVE ID
Связанные уязвимости
gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.
gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.
EPSS