Bug 21498 - Detached signature verification vulnerability
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: gnupg (Show other bugs)
Version: 7.0
Hardware: All
OS: Linux
Priority: high
Severity: medium
Assigned To: Nalin Dahyabhai
QA Contact: Aaron Brown
Keywords: Security
Blocks: 21889
Reported: 2000-11-29 15:54 EST by Daniel Roesen
Modified: 2007-03-26 23:37 EDT

Doc Type: Bug Fix
Last Closed: 2000-12-19 11:51:33 EST
Attachments
Patch to fix the vulnerability (2.80 KB, patch)
2000-12-01 20:53 EST, Daniel Roesen

Description Daniel Roesen 2000-11-29 15:54:56 EST
From gnupg-devel@gnupg.org mailing list:

----- CITE -----
From: Rene Puls <rpuls@gmx.net>
To: gnupg-devel@gnupg.org
Subject: Serious problem with detached sigs
Date: Wed, 29 Nov 2000 19:55:33 +0100

Hello,

I think I found a serious problem with signature verification
under GnuPG. This may cause detached signatures to be reported as
"valid" while in fact they are not.

The problem is actually quite simple. When you type something
like "gnupg --verify detached_sig signed_file", you would expect GnuPG
to verify the detached signature against the signed file. If you now
replace the "detached_sig" file with a full, clear-signed message
(which is not related to the "signed_file" in any way), GnuPG still
reports a good signature - which is quite misleading.

This means that someone could, for example, modify the
gnupg-1.0.4.tar.gz file on the FTP server, replace the .sig file with
any message that is signed by Werner (no offense :) and nobody would
notice, because the --verify command will correctly verify the
detached signature (but as a full signed message, not as a detached
signature).

A fix for this should be quite simple, by making sure that the
detached_sig file given to the --verify command is *indeed* a detached
signature, at least if two files are given as arguments.

Rene

-- 
Rene Puls <rpuls@gmx.net>                       GnuPG key 0x8652FFE2
http://www.lionking.org/~kianga/
----- CITE -----

I verified this to be a vulnerability in at least GnuPG 1.0.4.
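The check Rene proposes, that the first file handed to --verify really is a detached signature, as an added example that is not part of the bug report or of GnuPG itself: it walks the OpenPGP packet headers of a binary file and accepts only a stream made of nothing but signature packets, so a full signed message (one-pass signature, literal data, signature) is rejected before any signature is verified. It assumes binary rather than ASCII-armored input, and the tag constant and sample byte strings are constructed here; it also handles new-format and partial body lengths, which the report does not discuss.

```python
# Added example, not GnuPG code: parse OpenPGP binary packet headers (RFC 4880
# section 4.2) and decide whether a file is really a detached signature.
SIGNATURE_TAG = 2  # a signed message also carries 4 (one-pass), 8 (compressed), 11 (literal)

def packet_tags(data: bytes) -> list[int]:
    """Walk the top-level packets and return their tags, skipping bodies."""
    tags, i = [], 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError(f"byte {hdr:#x} at offset {i - 1} is not a packet header")
        if hdr & 0x40:                               # new-format header
            tag = hdr & 0x3F
            while True:                              # loop consumes partial body lengths
                b, i = data[i], i + 1
                if b < 192:
                    n, partial = b, False
                elif b < 224:
                    n, partial = ((b - 192) << 8) + data[i] + 192, False
                    i += 1
                elif b == 255:
                    n, partial = int.from_bytes(data[i:i + 4], "big"), False
                    i += 4
                else:                                # 224..254: partial length 2^(b & 0x1F)
                    n, partial = 1 << (b & 0x1F), True
                i += n
                if not partial:
                    break
        else:                                        # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:                           # indeterminate: body runs to end of file
                i = len(data)
            else:
                size = (1, 2, 4)[ltype]
                i += size + int.from_bytes(data[i:i + size], "big")
        if i > len(data):
            raise ValueError("truncated packet")
        tags.append(tag)
    return tags

def is_detached_signature(data: bytes) -> bool:
    """True only if the stream consists solely of signature packets."""
    try:
        tags = packet_tags(data)
    except (ValueError, IndexError):                 # armored, cleartext-signed or malformed input
        return False
    return bool(tags) and all(t == SIGNATURE_TAG for t in tags)

# Constructed samples with fake bodies; only the headers matter for this check.
DETACHED_SIG = b"\x88\x03\x04\x00\x01"                                   # one old-format signature packet
SIGNED_MESSAGE = b"\x90\x02\xaa\xbb" + b"\xac\x05hello" + DETACHED_SIG   # one-pass sig, literal data, sig
```

A clear-signed message as described in the report begins with an ASCII armor line, which fails the header check outright, so it is rejected just like the binary signed message.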
Comment 1 Daniel Roesen 2000-11-30 06:40:09 EST
Werner Koch posted a proposed patch on gnupg-devel for public testing.

<cite>
If this patch works for you, I [typo corrected] will post the patch
on [gnupg-]announce later this day.
</cite>
Comment 2 Daniel Roesen 2000-12-01 20:52:52 EST
OK, final patch got posted by Werner. Attaching.
Comment 3 Daniel Roesen 2000-12-01 20:53:26 EST
Created attachment 5908 [details]
Patch to fix the vulnerability
Comment 4 Daniel Roesen 2000-12-19 08:58:24 EST
New devel snapshot including the fix released:

ftp://ftp.guug.de/pub/gcrypt/devel/gnupg-1.0.4c.tar.gz

When can we expect a fixed Red Hat release?
Comment 5 Nalin Dahyabhai 2000-12-19 11:15:47 EST
Soon.  We'd already extracted the relevant fix from CVS based on previous mail
to the gnupg list, but were waiting to see if an official release would be
available.  Depending on timing, a 1.0.4 with the fixes may pop up in Raw Hide
if 1.0.4c isn't finished.
Comment 6 Nalin Dahyabhai 2000-12-19 11:51:29 EST
1.0.4c includes a large number of changes from 1.0.4.  We'll go with a 1.0.4
with the two specific security patches applied.
