CVE-2001-0072
GnuPG - Unauthenticated Private Key Import via Public Key Server
Title source: llmDescription
gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.
References (8)
Core 8
Core References
Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/2153
Vendor Advisory vendor-advisory
x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000368
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2000/20001225b
Various Sources vendor-advisory
x_refsource_mandrake
http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2000-131.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5803
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/152197
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/1702
Scores
EPSS
0.0078
EPSS Percentile
73.9%
Details
Status
published
Products (5)
gnu/privacy_guard
1.0
gnu/privacy_guard
1.0.1
gnu/privacy_guard
1.0.2
gnu/privacy_guard
1.0.3
gnu/privacy_guard
1.0.3b
Published
Feb 12, 2001
Tracked Since
Feb 18, 2026