| Summary: | CVE-2011-2207 dirmngr: Improper dealing with blocking system calls, when verifying a certificate | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | | |
| Version: | unspecified | CC: | rdieter, tmraz, vdanen |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2011-06-13 09:11:22 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Description
Jan Lieskovsky
2011-06-03 15:50:17 UTC
This issue affects the version of the dirmngr package, as shipped with
Red Hat Enterprise Linux 6.
--
This issue affects the version of the dirmngr package, as present within
EPEL-5 repository.
This issue affects the versions of the dirmngr package, as shipped with
Fedora release of 13, 14, and 15.
Note: Having said the above, please have a look at the following note regarding
the impact too.
Issue impact:
=============

This seems to be a very low security impact issue, if even that. It is true that `dirmngr --daemon` hangs for a bit (it was less than a minute in my testing) and that during that time period the server was unresponsive even to ping (`dirmngr-client --ping`) requests, but after that minute the certificate verification *always* ended with the following connection timeout message (the following scenario is based on the reproducer from [1]):

a) start the dirmngr daemon:

```
# dirmngr -vvv --daemon
DIRMNGR_INFO=/var/run/dirmngr/socket:26775:1; export DIRMNGR_INFO;
```

b) start the certificate verification:

```
# time dirmngr-client DTAG_Issuing_CA_i01.der
```

c) in the meantime try to --ping the dirmngr daemon instance:

```
# time dirmngr-client --ping
```

d) look at the time results:

```
# time dirmngr-client DTAG_Issuing_CA_i01.der
dirmngr-client: certificate check failed: Connection timed out

real    0m21.003s
user    0m0.000s
sys     0m0.001s

# time dirmngr-client --ping
dirmngr-client: a dirmngr daemon is up and running

real    0m17.100s
user    0m0.001s
sys     0m0.000s
```

But as noted in [5] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627377#5: "For example the KMail hung when trying to verify a signature which has the certificate in the chain." So this will need further research.

CVE Request / Discussion:
[6] http://www.openwall.com/lists/oss-security/2011/06/03/8

This is a client-side DoS and does not seem like a security issue. An attacker sends you a signed email. You try to verify the signature with an email client which uses dirmngr. This causes the daemon to hang and causes a denial of service to other local clients who want to use the service of dirmngr as well.

This issue was assigned CVE-2011-2207:
http://seclists.org/oss-sec/2011/q2/621

Statement:

Red Hat Product Security determined that this flaw was not a security vulnerability. See the Bugzilla link for more details.
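The hang the reproducer times, one client's blocking certificate check leaving the daemon unable to answer any other local client's ping, modelled as an added example (not code from dirmngr or from this report): a toy Unix-socket daemon whose VERIFY runs a constructed 1 s blocking call, served either from a single loop (the reported behaviour) or per client in a worker thread (the mitigation), with the PING wait measured the way `dirmngr-client --ping` was timed above. The command names, socket path and 1 s delay are all constructed stand-ins.

```python
import os, socket, tempfile, threading, time
# Constructed stand-in for the blocking network lookup dirmngr performed while
# verifying the certificate; in the report the real call hung for about 21 s.
FETCH_SECONDS = 1.0

def slow_certificate_check():
    time.sleep(FETCH_SECONDS)  # blocking call the daemon cannot interrupt
    return b"ERR certificate check failed: Connection timed out\n"

def start_daemon(sock_path, threaded):
    # Toy dirmngr-like daemon answering PING and VERIFY on a Unix socket.
    # threaded=False models the report: one client's VERIFY holds the single
    # service loop, so every other client's PING waits; True uses a worker each.
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(sock_path)
    srv.listen(8)
    def handle(conn):
        with conn:
            cmd = conn.recv(64)
            conn.sendall(b"OK pong\n" if cmd.startswith(b"PING")
                         else slow_certificate_check())
    def loop():
        while True:
            conn, _ = srv.accept()
            if threaded:
                threading.Thread(target=handle, args=(conn,), daemon=True).start()
            else:
                handle(conn)
    threading.Thread(target=loop, daemon=True).start()
    return srv

def request(sock_path, cmd):
    # Send one command; return (reply, seconds the client waited for it).
    started = time.monotonic()
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        c.connect(sock_path)
        c.sendall(cmd)
        reply = c.recv(128)
    return reply, time.monotonic() - started

def ping_latency_during_verify(threaded):
    # Mirror the reproducer: VERIFY in the background, then time a PING.
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "socket")
        srv = start_daemon(path, threaded)
        verify = threading.Thread(target=request, args=(path, b"VERIFY cert.der\n"))
        verify.start()
        time.sleep(0.1)  # let VERIFY reach the daemon before we ping
        reply, waited = request(path, b"PING\n")
        verify.join()
        srv.close()
    return reply, waited
```

In the serial mode the PING answer arrives only after the 1 s check finishes, matching the 17 s ping wait beside the 21 s verification in the report; in the threaded mode it returns in milliseconds.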