FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-0366

This CVE name corresponds to:

Entered Topic
2005-07-31 gnupg -- OpenPGP symmetric encryption vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2005-0366 at cve.mitre.org

Details

Type Candidate
Name CVE-2005-0366
Phase Assigned(20050211)

Description

The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback (CFB) mode, allows remote attackers to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are known, and an oracle or other mechanism is available to determine whether an integrity check failed.

References

Source Reference
MISC http://eprint.iacr.org/2005/033
CONFIRM http://www.pgp.com/library/ctocorner/openpgp.html
MISC http://eprint.iacr.org/2005/033.pdf
GENTOO GLSA-200503-29
MANDRAKE MDKSA-2005:057
SUSE SUSE-SR:2005:007
CERT-VN VU#303094
BID 12529
OSVDB 13775
SECTRACK 1013166

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.