Computer Security
[EN] securityvulns.ru no-pyccku


gnupg / libcrypt RSA implementation flush+reload timing attack
Published:12.08.2013
Source:
SecurityVulns ID:13243
Type:local
Threat Level:
5/10
Description:Private key recovery by using CPU L3 cache timings.
Affected:GNU : GnuPG 1.4
 LIBCRYPT : libcrypt 1.5
CVE:CVE-2013-4242 (GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.)
Original documentdocumentSLACKWARE, [slackware-security] gnupg / libgcrypt (SSA:2013-215-01) (12.08.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod