Bug 184556 - CVE-2006-0049 Gnupg incorrect malformed message verification
Summary: CVE-2006-0049 Gnupg incorrect malformed message verification
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: gnupg
Version: 4.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Nalin Dahyabhai
QA Contact: Mike McLean
URL:
Whiteboard: source=vendorsec,reported=20060305,pu...
Depends On:
Blocks: 185345 185346
TreeView+ depends on / blocked
 
Reported: 2006-03-09 20:29 UTC by Josh Bressers
Modified: 2007-11-30 22:07 UTC (History)
0 users

Fixed In Version: RHSA-2006-0266
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-03-15 16:32:04 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)
Demo reproducer (741 bytes, text/plain)
2006-03-13 14:56 UTC, Josh Bressers
no flags Details


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2006:0266 0 normal SHIPPED_LIVE Important: gnupg security update 2006-03-15 05:00:00 UTC

Internal Links: 185355

Description Josh Bressers 2006-03-09 20:29:14 UTC
Gnupg incorrect malformed message verification

Tavis Ormandy discovered that it is still possible to trick gnupg into
incorrectly verifying a signed message.

The patch is here:
ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.2.1-1.4.2.2.diff.bz2


This issue also affects RHEL3
This issue also affects RHEL2.1

Comment 1 Josh Bressers 2006-03-13 14:56:43 UTC
Created attachment 126039 [details]
Demo reproducer

This reproducer was given to us by Gentoo.

In order to reproduce this issue on RHEL, the --ignore-crc-error option must be
given to gpg.  This also mitigates the usefullness of this issue on RHEL.

Comment 5 Red Hat Bugzilla 2006-03-15 16:32:06 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0266.html



Note You need to log in before you can comment on or make changes to this bug.