Vulnerability Description
gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Privacy Guard | 1.0 |
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000368
- http://www.debian.org/security/2000/20001225b
- http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3
- http://www.osvdb.org/1702
- http://www.redhat.com/support/errata/RHSA-2000-131.html
- http://www.securityfocus.com/archive/1/152197
- http://www.securityfocus.com/bid/2153PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5803
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000368
- http://www.debian.org/security/2000/20001225b
- http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3
- http://www.osvdb.org/1702
- http://www.redhat.com/support/errata/RHSA-2000-131.html
- http://www.securityfocus.com/archive/1/152197
- http://www.securityfocus.com/bid/2153PatchVendor Advisory
FAQ
What is CVE-2001-0072?
CVE-2001-0072 is a vulnerability with a CVSS score of 5.0 (MEDIUM). gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web ...
How severe is CVE-2001-0072?
CVE-2001-0072 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-0072?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Privacy Guard.