Security Flaw in GnuPG Affects Key Management
CVE-2001-0072

Currently unrated

Key Information:

Vendor: Gnu
Status: Privacy Guard
Vendor: CVE Published:; 12 February 2001

Summary

A security issue in GnuPG versions prior to 1.0.4 allows the software to import both public and private keys from public key servers without alerting users. This lack of notification regarding private keys poses a threat to the integrity of the web of trust, potentially allowing attackers to misuse trust relationships. Users relying on GnuPG for secure communications should be aware of this vulnerability and take necessary precautions against the risks associated with unverified key imports.

References

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio...

vendor-advisoryx_refsource_CONECTIVA

http://www.debian.org/security/2000/20001225b

vendor-advisoryx_refsource_DEBIAN

http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-...

vendor-advisoryx_refsource_MANDRAKE

Timeline

Vulnerability published
Feb 12, 2001
Vulnerability Reserved
Feb 1, 2001