Bug 185346

Summary: CVE-2006-0049 Gnupg incorrect malformed message verification
Product: Red Hat Enterprise Linux 3 Reporter: Nalin Dahyabhai <nalin>
Component: gnupgAssignee: Nalin Dahyabhai <nalin>
Status: CLOSED ERRATA QA Contact: Mike McLean <mikem>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.0Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: source=vendorsec,reported=20060305,public=20060309,impact=moderate
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-03-15 17:32:34 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 184556    
Bug Blocks:    

Description Nalin Dahyabhai 2006-03-13 21:39:51 UTC 
+++ This bug was initially created as a clone of Bug #184556 +++

Gnupg incorrect malformed message verification

Tavis Ormandy discovered that it is still possible to trick gnupg into
incorrectly verifying a signed message.

The patch is here:
ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.2.1-1.4.2.2.diff.bz2


This issue also affects RHEL3
This issue also affects RHEL2.1

-- Additional comment from bressers on 2006-03-13 09:56 EST --
Created an attachment (id=126039)
Demo reproducer

This reproducer was given to us by Gentoo.

In order to reproduce this issue on RHEL, the --ignore-crc-error option must be
given to gpg.  This also mitigates the usefullness of this issue on RHEL.