Vulnerability Details CVE-2001-0072
gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.3%
CVSS Severity
CVSS v2 Score 5.0
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000368
- http://www.debian.org/security/2000/20001225b
- http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3
- http://www.osvdb.org/1702
- http://www.redhat.com/support/errata/RHSA-2000-131.html
- http://www.securityfocus.com/archive/1/152197
- http://www.securityfocus.com/bid/2153
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5803
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000368
- http://www.debian.org/security/2000/20001225b
- http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3
- http://www.osvdb.org/1702
- http://www.redhat.com/support/errata/RHSA-2000-131.html
- http://www.securityfocus.com/archive/1/152197
- http://www.securityfocus.com/bid/2153
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5803
Products affected by CVE-2001-0072
-
cpe:2.3:a:gnu:privacy_guard:1.0
-
cpe:2.3:a:gnu:privacy_guard:1.0.1
-
cpe:2.3:a:gnu:privacy_guard:1.0.2
-
cpe:2.3:a:gnu:privacy_guard:1.0.3
-
cpe:2.3:a:gnu:privacy_guard:1.0.3b