CVE Reference: CVE-2013-4242

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2013-4242

Description:
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.

CVE Status:
Candidate

References:

UBUNTU
  http://www.ubuntu.com/usn/USN-1923-1

SUSE
  http://lists.opensuse.org/opensuse-updates/2013-08/msg00003.html

SAID
  Secunia Advisory: SA54318
  Secunia Advisory: SA54321
  Secunia Advisory: SA54332
  Secunia Advisory: SA54375

REDHAT
  http://rhn.redhat.com/errata/RHSA-2013-1457.html

MLIST
  http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html

MISC
  http://eprint.iacr.org/2013/448
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880

DEBIAN
  http://www.debian.org/security/2013/dsa-2731
  http://www.debian.org/security/2013/dsa-2730

CERT-VN
  976534

BID
  61464


Return to the previous page.