CVE-2001-0072

N/A Unknown

Published: February 12, 2001 Modified: April 16, 2026

Description

gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000368

Source: cve@mitre.org

http://www.debian.org/security/2000/20001225b

Source: cve@mitre.org

http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3

Source: cve@mitre.org

http://www.osvdb.org/1702

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2000-131.html

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/152197

Source: cve@mitre.org

http://www.securityfocus.com/bid/2153

Source: cve@mitre.org

Patch Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/5803

Source: cve@mitre.org

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000368