Bug 710529 (CVE-2011-2207)
Summary: | CVE-2011-2207 dirmngr: Improper dealing with blocking system calls, when verifying a certificate | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | rdieter, tmraz, vdanen |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2011-06-13 09:11:22 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Jan Lieskovsky
2011-06-03 15:50:17 UTC
This issue affects the version of the dirmngr package, as shipped with Red Hat Enterprise Linux 6. -- This issue affects the version of the dirmngr package, as present within EPEL-5 repository. This issue affects the versions of the dirmngr package, as shipped with Fedora release of 13, 14, and 15. Note: Having said the above, please have a look at the following note regarding the impact too. Issue impact: ============= This seems to be very low security impact issue, if even that. It is true, that dirmngr --daemon hangs for a bit (was less than a minute in my testing) and that during that time period the server was unresponsive even for pings (dirmngr-client --ping) requests, but after that minute the certificate verification *always* ended with the following connection timeout message (following scenario based on reproducer from [1]): a) start the dirmngr daemon: # dirmngr -vvv --daemon DIRMNGR_INFO=/var/run/dirmngr/socket:26775:1; export DIRMNGR_INFO; b) start the certificate verification # time dirmngr-client DTAG_Issuing_CA_i01.der c) in the meantime try to --ping the dirmngr daemon instance # time dirmngr-client --ping d) look at the time results # time dirmngr-client DTAG_Issuing_CA_i01.der dirmngr-client: certificate check failed: Connection timed out real 0m21.003s user 0m0.000s sys 0m0.001s # time dirmngr-client --ping dirmngr-client: a dirmngr daemon is up and running real 0m17.100s user 0m0.001s sys 0m0.000s But as noted in: [5] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627377#5 "For example the KMail hung when trying to verify a signature which has the certificate in the chain." so this will need further research. CVE Request / Discussion: [6] http://www.openwall.com/lists/oss-security/2011/06/03/8 This is a client side DoS and does not seem like a security issue. An attacker sends you a signed email. You try to verify the signature with an email client which uses dirmngr. This causes the daemon to hang and causes a denial of service to other local clients who want to use the service of dirmngr as well. This issue was assigned CVE-2011-2207: http://seclists.org/oss-sec/2011/q2/621 Statement: Red Hat Product Security determined that this flaw was not a security vulnerability. See the Bugzilla link for more details. |