CVE编号
CVE-2017-7526利用情况
暂无补丁情况
官方补丁披露时间
2018-07-27漏洞描述
Libgcrypt是GNU计划开发的一个基于GnuPG代码的通用加密库。该库实现了各种加密算法,包括对称密码、哈希算法、公开密钥算法等。Libgcrypt 1.7.7及之前的版本中存在信息泄露漏洞。攻击者可利用该漏洞获取敏感信息。
解决建议
用户可联系供应商获得补丁信息:https://gnupg.org/related_software/libgcrypt/
参考链接 |
|
|---|---|
| http://www.securityfocus.com/bid/99338 | |
| http://www.securitytracker.com/id/1038915 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7526 | |
| https://eprint.iacr.org/2017/627 | |
| https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=78130828e... | |
| https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=8725c99ff... | |
| https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e6a3dc990... | |
| https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html | |
| https://usn.ubuntu.com/3733-1/ | |
| https://usn.ubuntu.com/3733-2/ | |
| https://www.debian.org/security/2017/dsa-3901 | |
| https://www.debian.org/security/2017/dsa-3960 |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | gnupg | libgcrypt | * |
Up to (excluding) 1.7.8 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.10 | gnupg1 | * |
Up to (excluding) 1.4.23-r0 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.11 | gnupg1 | * |
Up to (excluding) 1.4.23-r0 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.12 | gnupg1 | * |
Up to (excluding) 1.4.23-r0 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.13 | gnupg1 | * |
Up to (excluding) 1.4.23-r0 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.14 | gnupg1 | * |
Up to (excluding) 1.4.23-r0 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.15 | gnupg1 | * |
Up to (excluding) 1.4.23-r0 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.5 | gnupg1 | * |
Up to (excluding) 1.4.23-r0 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.6 | gnupg1 | * |
Up to (excluding) 1.4.23-r0 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.7 | gnupg1 | * |
Up to (excluding) 1.4.23-r0 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.8 | gnupg1 | * |
Up to (excluding) 1.4.23-r0 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.9 | gnupg1 | * |
Up to (excluding) 1.4.23-r0 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_edge | gnupg1 | * |
Up to (excluding) 1.4.23-r0 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_7 | gnupg1 | * |
Up to (excluding) 1.4.12-7+deb7u9 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_8 | gnupg1 | * |
Up to (excluding) 1.4.18-7+deb8u5 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_9 | gnupg1 | * |
Up to (excluding) 1.4.21-4+deb9u1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_24 | gnupg1 | * |
Up to (excluding) 1.7.8-1.fc24 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_25 | gnupg1 | * |
Up to (excluding) 1.7.8-1.fc25 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_26 | gnupg1 | * |
Up to (excluding) 1.7.8-1.fc26 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_42.2 | gnupg1 | * |
Up to (excluding) 1.6.1-34.6.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | suse_11_SP4 | gnupg1 | * |
Up to (excluding) 1.5.0-0.25.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | suse_12_SP2 | gnupg1 | * |
Up to (excluding) 1.6.1-16.42.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_14.04 | gnupg1 | * |
Up to (excluding) 1.5.3-2ubuntu4.5 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_16.04 | gnupg1 | * |
Up to (excluding) 1.4.20-1ubuntu3.3 |
|||||
- 攻击路径 远程
- 攻击复杂度 困难
- 权限要求 无需权限
- 影响范围 越权影响
- EXP成熟度 未验证
- 补丁情况 官方补丁
- 数据保密性 无影响
- 数据完整性 无影响
- 服务器危害 无影响
- 全网数量 100
还没有评论,来说两句吧...