Bug 21498 - Detached signature verification vulnerability
Summary: Detached signature verification vulnerability
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: gnupg
Version: 7.0
Hardware: All
OS: Linux
Priority: high
Severity: medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Aaron Brown
URL:
Whiteboard:
Depends On:
Blocks: 21889
Reported: 2000-11-29 20:54 UTC by Daniel Roesen
Modified: 2007-03-27 03:37 UTC
CC List: 2 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2000-12-19 16:51:33 UTC
Embargoed:


Attachments
Patch to fix the vulnerability (2.80 KB, patch), added 2000-12-02 01:53 UTC by Daniel Roesen


Links
Red Hat Product Errata RHSA-2000:131 (priority: normal, status: SHIPPED_LIVE): Updated gnupg packages now available. Last updated 2000-12-19 05:00:00 UTC

Description Daniel Roesen 2000-11-29 20:54:56 UTC
From gnupg-devel mailing list:

----- CITE -----
From: Rene Puls <rpuls>
To: gnupg-devel
Subject: Serious problem with detached sigs
Date: Wed, 29 Nov 2000 19:55:33 +0100

Hello,

I think I found a serious problem with signature verification
under GnuPG. This may cause detached signatures to be reported as
"valid" while in fact they are not.

The problem is actually quite simple. When you type something
like "gnupg --verify detached_sig signed_file", you would expect GnuPG
to verify the detached signature against the signed file. If you now
replace the "detached_sig" file with a full, clear-signed message
(which is not related to the "signed_file" in any way), GnuPG still
reports a good signature - which is quite misleading.

This means that someone could, for example, modify the
gnupg-1.0.4.tar.gz file on the FTP server, replace the .sig file with
any message that is signed by Werner (no offense :) and nobody would
notice, because the --verify command will correctly verify the
detached signature (but as a full signed message, not as a detached
signature).

A fix for this should be quite simple, by making sure that the
detached_sig file given to the --verify command is *indeed* a detached
signature, at least if two files are given as arguments.

Rene

-- 
Rene Puls <rpuls>                       GnuPG key 0x8652FFE2
http://www.lionking.org/~kianga/
----- CITE -----

I verified this to be a vulnerability in at least GnuPG 1.0.4.
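
The check Rene asks for at the end of his mail, as an added example that is not code from GnuPG, from the bug report, or from the attached patch: before running `gpg --verify <sig> <data>`, confirm that the first file really is a detached signature, i.e. it consists only of OpenPGP signature packets (RFC 4880 tag 2). A clear-signed message (first armor line `BEGIN PGP SIGNED MESSAGE`) or a one-pass-signed binary message (tag 4 followed by literal data) is rejected before gpg is ever invoked. The sample inputs are constructed, synthetic packet streams; only packet headers are parsed, bodies are never interpreted. The `verify_detached` wrapper and its behaviour are an assumption of this example, not GnuPG's interface.

```python
"""Gate `gpg --verify <sig> <data>` on <sig> really being a detached signature.

Added example, not GnuPG code and not the bug's patch. It implements the
pre-check the report asks for: when two files are given, the first must be
made only of signature packets (RFC 4880 tag 2).
"""
import base64
import re
import subprocess

TAG_SIGNATURE = 2  # RFC 4880 section 5.2

# First armor line of the file; re.M anchors ^ and $ at line boundaries.
ARMOR_HEADER = re.compile(rb"^-----BEGIN PGP ([A-Z ]+)-----[ \t\r]*$", re.M)


def dearmor(armored: bytes) -> bytes:
    """Return the binary packets of an ASCII-armored PGP SIGNATURE block.

    The FIRST armor header must be "PGP SIGNATURE". A clear-signed message
    starts with "PGP SIGNED MESSAGE" and is rejected here, even though it
    carries a PGP SIGNATURE block further down.
    """
    m = ARMOR_HEADER.search(armored)
    if m is None or m.group(1) != b"SIGNATURE":
        raise ValueError("first armor header is not BEGIN PGP SIGNATURE")
    rest = armored[m.end():]
    blank = re.search(rb"\r?\n[ \t]*\r?\n", rest)  # blank line ends armor headers
    if blank is None:
        raise ValueError("armor block has no body")
    b64 = []
    for line in rest[blank.end():].splitlines():
        line = line.strip()
        if line.startswith(b"-----END"):
            break
        if line.startswith(b"="):  # CRC24 line; not validated in this example
            continue
        b64.append(line)
    return base64.b64decode(b"".join(b64), validate=True)


def packet_tags(data: bytes) -> list:
    """Tags of every packet in `data`, parsing headers per RFC 4880 section 4.2.

    Raises ValueError on anything that is not a well-formed packet stream.
    """
    tags = []
    i, n = 0, len(data)

    def take(k: int) -> int:  # read k big-endian bytes at the cursor
        nonlocal i
        if i + k > n:
            raise ValueError("truncated packet header")
        value = int.from_bytes(data[i:i + k], "big")
        i += k
        return value

    while i < n:
        ctb = take(1)
        if not ctb & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if ctb & 0x40:  # new-format header
            tag = ctb & 0x3F
            first = take(1)
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + take(1) + 192
            elif first == 255:
                length = take(4)
            else:
                raise ValueError("partial body lengths are not used by signatures")
        else:  # old-format header: tag in bits 2-5, length-type in bits 0-1
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length is not used by signatures")
            length = take(1 << ltype)
        if i + length > n:
            raise ValueError("truncated packet body")
        i += length  # skip the body; it is not interpreted
        tags.append(tag)
    return tags


def is_detached_signature(blob: bytes) -> bool:
    """True iff `blob` (binary or armored) is one or more signature packets only."""
    try:
        if blob.lstrip().startswith(b"-----BEGIN PGP"):
            blob = dearmor(blob)
        tags = packet_tags(blob)
    except ValueError:
        return False
    return bool(tags) and all(t == TAG_SIGNATURE for t in tags)


def verify_detached(sig_path: str, data_path: str) -> None:
    """Hypothetical wrapper: refuse to call gpg unless sig_path is a detached signature."""
    with open(sig_path, "rb") as f:
        if not is_detached_signature(f.read()):
            raise ValueError(f"{sig_path}: not a detached signature, refusing to verify")
    subprocess.run(["gpg", "--verify", sig_path, data_path], check=True)


# Constructed samples: synthetic bodies, real header encodings.
DETACHED_SIG = b"\x88\x03\x04\x00\x01"  # old-format tag 2, 3-byte body
ARMORED_SIG = (b"-----BEGIN PGP SIGNATURE-----\nVersion: constructed\n\n"
               + base64.b64encode(DETACHED_SIG) + b"\n=AAAA\n"
               b"-----END PGP SIGNATURE-----\n")
CLEARSIGNED_MSG = (b"-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n"
                   b"any text signed by the release key\n"
                   b"-----BEGIN PGP SIGNATURE-----\n\n"
                   + base64.b64encode(DETACHED_SIG) + b"\n=AAAA\n"
                   b"-----END PGP SIGNATURE-----\n")
ONE_PASS_MSG = (b"\x90\x02\x03\x00"  # tag 4 one-pass signature
                b"\xac\x01\x41"      # tag 11 literal data
                b"\x88\x01\x00")     # tag 2 signature

if __name__ == "__main__":
    for name, blob in [("detached", DETACHED_SIG), ("armored", ARMORED_SIG),
                       ("clear-signed", CLEARSIGNED_MSG), ("one-pass", ONE_PASS_MSG)]:
        print(f"{name:13s} accepted as detached signature: {is_detached_signature(blob)}")
```

The check is deliberately structural: it does not verify anything cryptographically, it only refuses to hand gpg an input that is not a detached signature when two file arguments are given, which is exactly the confusion the report describes. The same idea applies to any script that wraps `gpg --verify` for release tarballs.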

Comment 1 Daniel Roesen 2000-11-30 11:40:09 UTC
Werner Koch posted a proposed patch on gnupg-devel for public testing.

<cite>
If this patch works for you, I [typo corrected] will post the patch
on [gnupg-]announce later this day.
</cite>

Comment 2 Daniel Roesen 2000-12-02 01:52:52 UTC
OK, final patch got posted by Werner. Attaching.

Comment 3 Daniel Roesen 2000-12-02 01:53:26 UTC
Created attachment 5908
Patch to fix the vulnerability

Comment 4 Daniel Roesen 2000-12-19 13:58:24 UTC
New devel snapshot including the fix released:

ftp://ftp.guug.de/pub/gcrypt/devel/gnupg-1.0.4c.tar.gz

When can we expect a fixed Red Hat release?

Comment 5 Nalin Dahyabhai 2000-12-19 16:15:47 UTC
Soon.  We'd already extracted the relevant fix from CVS based on previous mail
to the gnupg list, but were waiting to see if an official release would be
available.  Depending on timing, a 1.0.4 with the fixes may pop up in Raw Hide
if 1.0.4c isn't finished.

Comment 6 Nalin Dahyabhai 2000-12-19 16:51:29 UTC
1.0.4c includes a large number of changes from 1.0.4.  We'll go with a 1.0.4
with the two specific security patches applied.

