From gnupg-devel mailing list:

----- CITE -----
From: Rene Puls <rpuls>
To: gnupg-devel
Subject: Serious problem with detached sigs
Date: Wed, 29 Nov 2000 19:55:33 +0100

Hello,

I think I found a serious problem with signature verification under GnuPG. This may cause detached signatures to be reported as "valid" while in fact they are not.

The problem is actually quite simple. When you type something like "gnupg --verify detached_sig signed_file", you would expect GnuPG to verify the detached signature against the signed file. If you now replace the "detached_sig" file with a full, clear-signed message (which is not related to the "signed_file" in any way), GnuPG still reports a good signature - which is quite misleading.

This means that someone could, for example, modify the gnupg-1.0.4.tar.gz file on the FTP server, replace the .sig file with any message that is signed by Werner (no offense :) and nobody would notice, because the --verify command will correctly verify the detached signature (but as a full signed message, not as a detached signature).

A fix for this should be quite simple, by making sure that the detached_sig file given to the --verify command is *indeed* a detached signature, at least if two files are given as arguments.

Rene

--
Rene Puls <rpuls> GnuPG key 0x8652FFE2 http://www.lionking.org/~kianga/
----- CITE -----

I verified this to be a vulnerability in at least GnuPG 1.0.4.
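The check Rene asks for (confirm that the file handed to --verify as the detached signature really is one before trusting the verdict) can be done outside GnuPG by looking at the OpenPGP packet framing of the file. The script below is an added example, not GnuPG code and not Werner's patch from this thread; it assumes the RFC 4880 packet header format (old- and new-style headers, no partial body lengths), and the sample byte strings, armor text and function names (`packet_tags`, `is_detached_signature`, `dearmor`) are constructed for the illustration. A genuine detached signature consists only of Signature packets (tag 2); a signed message additionally carries a One-Pass Signature packet (tag 4) and a Literal Data packet (tag 11), and a clear-signed message is recognisable by its "BEGIN PGP SIGNED MESSAGE" armor header.

```python
"""Sanity-check a file that is about to be passed to `gpg --verify sig file`
as the detached signature: accept it only if it contains nothing but
OpenPGP Signature packets. Added example (assumes RFC 4880 packet framing);
not part of GnuPG or of the patch discussed in the bug."""
import base64
import re
import sys

# RFC 4880 packet tags relevant to the check
SIGNATURE = 2
ONE_PASS_SIGNATURE = 4
LITERAL_DATA = 11

CLEARSIGN_HEADER = re.compile(rb"-----BEGIN PGP SIGNED MESSAGE-----")
ARMORED_SIG_HEADER = re.compile(rb"-----BEGIN PGP SIGNATURE-----")


def packet_tags(data: bytes) -> list:
    """Walk a binary OpenPGP packet stream and return its packet tags in order.
    Raises ValueError on malformed framing or unsupported length encodings."""
    tags, pos = [], 0
    while pos < len(data):
        ctb = data[pos]
        pos += 1
        if not ctb & 0x80:
            raise ValueError("bit 7 of packet header not set at offset %d" % (pos - 1))
        if ctb & 0x40:
            # New-format header: tag in the low 6 bits, variable-width length.
            tag = ctb & 0x3F
            first = data[pos]
            pos += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[pos] + 192
                pos += 1
            elif first == 255:
                length = int.from_bytes(data[pos:pos + 4], "big")
                pos += 4
            else:
                raise ValueError("partial body lengths are not supported")
        else:
            # Old-format header: tag in bits 2..5, length-type in bits 0..1.
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate packet length not supported")
            width = (1, 2, 4)[ltype]
            length = int.from_bytes(data[pos:pos + width], "big")
            pos += width
        if pos + length > len(data):
            raise ValueError("packet body truncated")
        tags.append(tag)
        pos += length
    return tags


def dearmor(data: bytes) -> bytes:
    """Extract and base64-decode the body of an ASCII-armored signature block
    (armor headers and the trailing CRC line are skipped, not checked)."""
    body, seen_begin, in_body = [], False, False
    for line in data.splitlines():
        if not seen_begin:
            seen_begin = line.startswith(b"-----BEGIN PGP SIGNATURE-----")
            continue
        if not in_body:
            in_body = line.strip() == b""   # blank line ends the armor headers
            continue
        if line.startswith(b"=") or line.startswith(b"-----END"):
            break
        body.append(line.strip())
    return base64.b64decode(b"".join(body))


def is_detached_signature(data: bytes) -> bool:
    """True only if `data` is a (binary or armored) detached signature, i.e.
    every packet is a Signature packet and no signed content is embedded."""
    if CLEARSIGN_HEADER.search(data):
        return False                      # clear-signed message, not a sig
    if ARMORED_SIG_HEADER.search(data):
        data = dearmor(data)
    try:
        tags = packet_tags(data)
    except (ValueError, IndexError):
        return False                      # not a well-formed packet stream
    return bool(tags) and all(t == SIGNATURE for t in tags)


# Constructed sample inputs (packet bodies are dummy bytes; only framing matters).
DETACHED_SIG = b"\x88\x05" + b"\x04\x00\x01\x08\x00"                 # one tag-2 packet
SIGNED_MESSAGE = (b"\x90\x03" + b"\x03\x00\x01"                       # tag 4
                  + b"\xac\x06" + b"b\x00\x00\x00\x00\x00"            # tag 11
                  + DETACHED_SIG)                                     # tag 2
CLEARSIGNED = (b"-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nhello\n"
               b"-----BEGIN PGP SIGNATURE-----\n\nAAAA\n=AAAA\n-----END PGP SIGNATURE-----\n")
ARMORED_SIG = (b"-----BEGIN PGP SIGNATURE-----\nVersion: constructed\n\n"
               + base64.b64encode(DETACHED_SIG) + b"\n=AAAA\n-----END PGP SIGNATURE-----\n")

if __name__ == "__main__":
    with open(sys.argv[1], "rb") as fh:
        ok = is_detached_signature(fh.read())
    print("detached signature" if ok else "NOT a detached signature; do not pass it to --verify")
    sys.exit(0 if ok else 1)
```

Run it as `python check_sig.py gnupg-1.0.4.tar.gz.sig` before calling `gpg --verify`; a non-zero exit means the file carries its own signed content (or is not an OpenPGP signature at all), which is exactly the case that the unpatched --verify would have reported as a good signature.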
Werner Koch posted a proposed patch on gnupg-devel for public testing. <cite> If this patch works for you, I [typo corrected] will post the patch on [gnupg-]announce later this day. </cite>
OK, final patch got posted by Werner. Attaching.
Created attachment 5908: Patch to fix the vulnerability
New devel snapshot including the fix released: ftp://ftp.guug.de/pub/gcrypt/devel/gnupg-1.0.4c.tar.gz When can we expect a fixed Red Hat release?
Soon. We'd already extracted the relevant fix from CVS based on previous mail to the gnupg list, but were waiting to see if an official release would be available. Depending on timing, a 1.0.4 with the fixes may pop up in Raw Hide if 1.0.4c isn't finished.
1.0.4c includes a large number of changes from 1.0.4. We'll go with a 1.0.4 with the two specific security patches applied.