ID CVE-2016-6313
Summary The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.
References
Vulnerable Configurations
  • GnuPG Libgcrypt 1.5.3
    cpe:2.3:a:gnupg:libgcrypt:1.5.3
  • GnuPG (Privacy Guard) Libgcrypt 1.6.0
    cpe:2.3:a:gnupg:libgcrypt:1.6.0
  • GnuPG (Privacy Guard) Libgcrypt 1.6.1
    cpe:2.3:a:gnupg:libgcrypt:1.6.1
  • GnuPG (Privacy Guard) Libgcrypt 1.6.2
    cpe:2.3:a:gnupg:libgcrypt:1.6.2
  • GnuPG (Privacy Guard) Libgcrypt 1.6.3
    cpe:2.3:a:gnupg:libgcrypt:1.6.3
  • GnuPG Libgcrypt 1.6.4
    cpe:2.3:a:gnupg:libgcrypt:1.6.4
  • GnuPG (Privacy Guard) Libgcrypt 1.6.5
    cpe:2.3:a:gnupg:libgcrypt:1.6.5
  • GnuPG (Privacy Guard) Libgcrypt 1.7.0
    cpe:2.3:a:gnupg:libgcrypt:1.7.0
  • GnuPG (Privacy Guard) Libgcrypt 1.7.1
    cpe:2.3:a:gnupg:libgcrypt:1.7.1
  • GnuPG (Privacy Guard) Libgcrypt 1.7.2
    cpe:2.3:a:gnupg:libgcrypt:1.7.2
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Canonical Ubuntu Linux 12.04 LTS
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:lts
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • GnuPG (Privacy Guard) 1.4.14
    cpe:2.3:a:gnupg:gnupg:1.4.14
CVSS
Base: 5.0 (as of 16-12-2016 - 14:41)
Impact:
Exploitability:
CWE CWE-200
CAPEC
  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a program's vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of JavaScript to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via JavaScript as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in JavaScript and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
  • Reusing Session IDs (aka Session Replay)
    This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
  • Using Slashes in Alternate Encoding
    This attack targets the encoding of the slash characters. An attacker would try to exploit common filtering problems related to the use of the slash characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1138.NASL
    description This update for libgcrypt fixes the following issues : - RNG prediction vulnerability (bsc#994157, CVE-2016-6313) This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2018-09-01
    modified 2016-12-21
    plugin id 93823
    published 2016-10-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93823
    title openSUSE Security Update : libgcrypt (openSUSE-2016-1138)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2016-0156.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2016-6313 - predictable PRNG output (#1366105)
    last seen 2019-01-16
    modified 2018-07-24
    plugin id 94650
    published 2016-11-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94650
    title OracleVM 3.3 / 3.4 : libgcrypt (OVMSA-2016-0156)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201612-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-201612-01 (GnuPG: RNG output is predictable) A long standing bug (since 1998) in Libgcrypt (see “GLSA 201610-04” below) and GnuPG allows an attacker to predict the output from the standard RNG. Please review the “Entropy Loss and Output Predictability in the Libgcrypt PRNG” paper below for a deep technical analysis. Impact : An attacker who obtains 580 bytes of the random number from the standard RNG can trivially predict the next 20 bytes of output. This flaw does not affect the default generation of keys, because running gpg for key creation creates at most 2 keys from the pool. For a single 4096 bit RSA key, 512 bytes of random are required and thus for the second key (encryption subkey), 20 bytes could be predicted from the first key. However, the security of an OpenPGP key depends on the primary key (which was generated first) and thus the 20 predictable bytes should not be a problem. For the default key length of 2048 bit nothing will be predictable. Workaround : There is no known workaround at this time.
    last seen 2019-01-16
    modified 2018-11-19
    plugin id 95516
    published 2016-12-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95516
    title GLSA-201612-01 : GnuPG: RNG output is predictable
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-2674.NASL
    description An update for libgcrypt is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. Security Fix(es) : * A design flaw was found in the libgcrypt PRNG (Pseudo-Random Number Generator). An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes. (CVE-2016-6313) Red Hat would like to thank Felix Dorre and Vladimir Klebanov for reporting this issue.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 94741
    published 2016-11-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94741
    title CentOS 6 / 7 : libgcrypt (CESA-2016:2674)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2345-1.NASL
    description This update for libgcrypt fixes the following issues : - RNG prediction vulnerability (bsc#994157, CVE-2016-6313) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-29
    plugin id 93644
    published 2016-09-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93644
    title SUSE SLED12 / SLES12 Security Update : libgcrypt (SUSE-SU-2016:2345-1)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2017-0013_LIBGCRYPT.NASL
    description An update of the libgcrypt package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121685
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121685
    title Photon OS 1.0: Libgcrypt PHSA-2017-0013
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-9864953AA3.NASL
    description - New upstream v1.4.21 - Fix critical security bug in the RNG [CVE-2016-6313] (#1366105) - Tweak default options for gpgv - By default do not anymore emit the GnuPG version with --armor Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2016-12-21
    plugin id 93142
    published 2016-08-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93142
    title Fedora 24 : gnupg (2016-9864953aa3)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201610-04.NASL
    description The remote host is affected by the vulnerability described in GLSA-201610-04 (libgcrypt: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libgcrypt. Please review the CVE identifiers referenced below for details. Impact : Side-channel attacks can leak private key information. A separate critical bug allows an attacker who obtains 4640 bits from the RNG to trivially predict the next 160 bits of output. Workaround : There is no known workaround at this time.
    last seen 2019-01-16
    modified 2016-12-21
    plugin id 93946
    published 2016-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93946
    title GLSA-201610-04 : libgcrypt: Multiple vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3064-1.NASL
    description Felix Dorre and Vladimir Klebanov discovered that GnuPG incorrectly handled mixing functions in the random number generator. An attacker able to obtain 4640 bits from the RNG can trivially predict the next 160 bits of output. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-12-01
    plugin id 93045
    published 2016-08-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93045
    title Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : gnupg vulnerability (USN-3064-1)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2016-744.NASL
    description A design flaw was found in the libgcrypt PRNG (Pseudo-Random Number Generator). An attacker who can obtain the first 580 bytes of the PRNG output can trivially predict the following 20 bytes.
    last seen 2019-01-16
    modified 2018-04-18
    plugin id 93536
    published 2016-09-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93536
    title Amazon Linux AMI : libgcrypt / gnupg (ALAS-2016-744)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-600.NASL
    description The crypto library libgcrypt11 has a weakness in the random number generator. CVE-2016-6313 Felix Dörre and Vladimir Klebanov from the Karlsruhe Institute of Technology found a bug in the mixing functions of Libgcrypt's random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. A first analysis on the impact of this bug in GnuPG shows that existing RSA keys are not weakened. For DSA and Elgamal keys it is also unlikely that the private key can be predicted from other public information. For Debian 7 'Wheezy', these problems have been fixed in version 1.5.0-5+deb7u5. We recommend that you upgrade your libgcrypt11 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-07-09
    plugin id 93083
    published 2016-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93083
    title Debian DLA-600-1 : libgcrypt11 security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-3A0195918F.NASL
    description - New upstream v1.4.21 - Fix critical security bug in the RNG [CVE-2016-6313] (#1366105) - Tweak default options for gpgv - By default do not anymore emit the GnuPG version with --armor Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2016-12-21
    plugin id 93490
    published 2016-09-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93490
    title Fedora 23 : gnupg (2016-3a0195918f)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2016-236-01.NASL
    description New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
    last seen 2019-01-16
    modified 2016-12-21
    plugin id 93080
    published 2016-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93080
    title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : gnupg (SSA:2016-236-01)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_E1C71D8D64D911E6B38A25A46B33F2ED.NASL
    description Werner Koch reports : There was a bug in the mixing functions of Libgcrypt's random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. This bug exists since 1998 in all GnuPG and Libgcrypt versions.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 93023
    published 2016-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93023
    title FreeBSD : gnupg -- attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output (e1c71d8d-64d9-11e6-b38a-25a46b33f2ed)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-B66A0AEF08.NASL
    description Important update from upstream which fixes predictability problem in the RNG (CVE-2016-6313). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2016-12-21
    plugin id 94850
    published 2016-11-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94850
    title Fedora 25 : libgcrypt (2016-b66a0aef08)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2346-1.NASL
    description This update for libgcrypt fixes the following issues : - RNG prediction vulnerability (bsc#994157, CVE-2016-6313) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-29
    plugin id 93645
    published 2016-09-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93645
    title SUSE SLES11 Security Update : libgcrypt (SUSE-SU-2016:2346-1)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2016-1081.NASL
    description According to the version of the libgcrypt packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A design flaw was found in the libgcrypt PRNG (Pseudo-Random Number Generator). An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes.(CVE-2016-6313) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-14
    plugin id 99841
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99841
    title EulerOS 2.0 SP1 : libgcrypt (EulerOS-SA-2016-1081)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20161108_LIBGCRYPT_ON_SL6_X.NASL
    description Security Fix(es) : - A design flaw was found in the libgcrypt PRNG (Pseudo-Random Number Generator). An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes. (CVE-2016-6313)
    last seen 2019-01-16
    modified 2018-12-28
    plugin id 94652
    published 2016-11-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94652
    title Scientific Linux Security Update : libgcrypt on SL6.x i386/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-2B4ECFA79F.NASL
    description Important update from upstream which fixes predictability problem in the RNG (CVE-2016-6313). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2016-12-21
    plugin id 93355
    published 2016-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93355
    title Fedora 23 : libgcrypt (2016-2b4ecfa79f)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-2674.NASL
    description An update for libgcrypt is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. Security Fix(es) : * A design flaw was found in the libgcrypt PRNG (Pseudo-Random Number Generator). An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes. (CVE-2016-6313) Red Hat would like to thank Felix Dorre and Vladimir Klebanov for reporting this issue.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 94626
    published 2016-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94626
    title RHEL 6 / 7 : libgcrypt (RHSA-2016:2674)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3650.NASL
    description Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of Libgcrypt's random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. A first analysis on the impact of this bug for GnuPG shows that existing RSA keys are not weakened. For DSA and Elgamal keys it is also unlikely that the private key can be predicted from other public information.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 93019
    published 2016-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93019
    title Debian DSA-3650-1 : libgcrypt20 - security update
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-602.NASL
    description CVE-2016-6313 Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of GnuPG's random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. A first analysis on the impact of this bug for GnuPG shows that existing RSA keys are not weakened. For DSA and Elgamal keys it is also unlikely that the private key can be predicted from other public information. Bypassing GnuPG key checking : Weaknesses have been found in GnuPG signature validation that attackers could exploit thanks to especially forged public keys and under specific hardware-software conditions. While the underlying problem cannot be solved only by software, GnuPG has been strengthened, avoiding to rely on keyring signature caches when verifying keys. Potential specific attacks are not valid any more with the patch of GnuPG. Bypassing GnuPG key checking : Vrije Universiteit Amsterdam and Katholieke Universiteit Leuven researchers discovered an attack method, known as Flip Feng Shui, that concerns flaws in GnuPG. Researchers found that under specific hardware-software conditions, attackers could bypass the GnuPG signature validation by using forged public keys. While the underlying problem cannot be solved only by software, GnuPG has been made more robust to avoid relying on keyring signature caches when verifying keys. For Debian 7 'Wheezy', these issues have been addressed in version 1.4.12-7+deb7u8. We recommend that you upgrade your gnupg packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-07-09
    plugin id 93199
    published 2016-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93199
    title Debian DLA-602-1 : gnupg security and hardening update
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2016-236-02.NASL
    description New libgcrypt packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
    last seen 2019-01-16
    modified 2016-12-21
    plugin id 93081
    published 2016-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93081
    title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : libgcrypt (SSA:2016-236-02)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3649.NASL
    description Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of GnuPG's random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. A first analysis on the impact of this bug for GnuPG shows that existing RSA keys are not weakened. For DSA and Elgamal keys it is also unlikely that the private key can be predicted from other public information.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 93018
    published 2016-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93018
    title Debian DSA-3649-1 : gnupg - security update
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-2674.NASL
    description From Red Hat Security Advisory 2016:2674 : An update for libgcrypt is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. Security Fix(es) : * A design flaw was found in the libgcrypt PRNG (Pseudo-Random Number Generator). An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes. (CVE-2016-6313) Red Hat would like to thank Felix Dorre and Vladimir Klebanov for reporting this issue.
    last seen 2019-01-16
    modified 2018-07-24
    plugin id 94622
    published 2016-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94622
    title Oracle Linux 6 / 7 : libgcrypt (ELSA-2016-2674)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-AAB0A156AB.NASL
    description - New upstream v1.4.21 - Fix critical security bug in the RNG [CVE-2016-6313] (#1366105) - Tweak default options for gpgv - By default do not anymore emit the GnuPG version with --armor Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2016-12-21
    plugin id 94847
    published 2016-11-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94847
    title Fedora 25 : gnupg (2016-aab0a156ab)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3065-1.NASL
    description Felix Dorre and Vladimir Klebanov discovered that Libgcrypt incorrectly handled mixing functions in the random number generator. An attacker able to obtain 4640 bits from the RNG can trivially predict the next 160 bits of output. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-12-01
    plugin id 93046
    published 2016-08-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93046
    title Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : libgcrypt11, libgcrypt20 vulnerability (USN-3065-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1042.NASL
    description This update for libgcrypt fixes the following issues : - RNG prediction vulnerability (boo#994157, CVE-2016-6313)
    last seen 2018-09-02
    modified 2016-12-21
    plugin id 93250
    published 2016-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93250
    title openSUSE Security Update : libgcrypt (openSUSE-2016-1042)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2017-0013.NASL
    description An update of [cracklib,libevent,libgcrypt,httpd,glibc] packages for PhotonOS has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 111862
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111862
    title Photon OS 1.0: Cracklib / Glibc / Httpd / Libevent / Libgcrypt PHSA-2017-0013 (deprecated)
redhat via4
advisories
bugzilla
id 1366105
title CVE-2016-6313 libgcrypt: PRNG output is predictable
oval
OR
  • AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment libgcrypt is earlier than 0:1.4.5-12.el6_8
          oval oval:com.redhat.rhsa:tst:20162674005
        • comment libgcrypt is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131457006
      • AND
        • comment libgcrypt-devel is earlier than 0:1.4.5-12.el6_8
          oval oval:com.redhat.rhsa:tst:20162674007
        • comment libgcrypt-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131457008
  • AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment libgcrypt is earlier than 0:1.5.3-13.el7_3.1
          oval oval:com.redhat.rhsa:tst:20162674014
        • comment libgcrypt is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131457006
      • AND
        • comment libgcrypt-devel is earlier than 0:1.5.3-13.el7_3.1
          oval oval:com.redhat.rhsa:tst:20162674013
        • comment libgcrypt-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131457008
rhsa
id RHSA-2016:2674
released 2016-11-08
severity Moderate
title RHSA-2016:2674: libgcrypt security update (Moderate)
rpms
  • libgcrypt-0:1.4.5-12.el6_8
  • libgcrypt-devel-0:1.4.5-12.el6_8
  • libgcrypt-0:1.5.3-13.el7_3.1
  • libgcrypt-devel-0:1.5.3-13.el7_3.1
refmap via4
bid 92527
confirm https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob_plain;f=NEWS
debian
  • DSA-3649
  • DSA-3650
gentoo
  • GLSA-201610-04
  • GLSA-201612-01
mlist [gnupg-announce] 20160817 [Announce] Security fixes for Libgcrypt and GnuPG 1.4 [CVE-2016-6316]
sectrack 1036635
ubuntu
  • USN-3064-1
  • USN-3065-1
Last major update 16-12-2016 - 15:06
Published 13-12-2016 - 15:59
Last modified 04-01-2018 - 21:31