Bug 1563930 (CVE-2018-9234)

Summary: CVE-2018-9234 GnuPG: Unenforced configuration allows for apparently valid certifications actually signed by signing subkeys
Product: [Other] Security Response Reporter: Sam Fowler <sfowler>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: bcl, crypto-team, nmavrogi, rdieter, tmraz
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-07-31 06:58:14 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1563931, 1563932, 1563933, 1563934, 1564367, 1564368    
Bug Blocks: 1563936    

Description Sam Fowler 2018-04-05 05:19:32 UTC
GnuPG through version 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.

Upstream Issue:


Upstream Patch:


Comment 1 Sam Fowler 2018-04-05 05:19:55 UTC
Created gnupg2 tracking bugs for this issue:

Affects: fedora-all [bug 1563931]

Created gnupg tracking bugs for this issue:

Affects: fedora-all [bug 1563932]

Comment 3 Huzaifa S. Sidhpurwala 2018-04-06 04:03:20 UTC

Normally master keys are more protected than signing or encryption subkeys. Since master key can actually be used to prove someone's identity. Subkeys on other hand can you used to sign/verify and encrypt/decrypt messages in place of the master keys. However the procedure of signing someones keys requires the master key. The flaw allows the signing subkey to sign someones keys, without the use of the master key, when smartcards are used. This seems to be only a minor security bypass, since technically subkeys also need to have some form of security around them.