Bug 35639 - GnuPG 1.2.3, 1.3.3 external HKP interface format string issue
Summary: GnuPG 1.2.3, 1.3.3 external HKP interface format string issue
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: GLSA Errors
Hardware: All All
Importance: High minor
Assignee: Gentoo Security
URL: http://www.s-quadra.com/advisories/Ad...
Whiteboard:
Keywords: SECURITY
Depends on:
Blocks:
 
Reported: 2003-12-11 20:23 UTC by Rajiv Aaron Manglani (RETIRED)
Modified: 2003-12-12 00:26 UTC (History)

See Also:
Package list:
Runtime testing required: ---



Description Rajiv Aaron Manglani (RETIRED) gentoo-dev 2003-12-11 20:23:00 UTC
From: S-Quadra Security Research <research@s-quadra.com>
Subject: GnuPG 1.2.3, 1.3.3 external HKP interface format string issue
Date: December 3, 2003 8:30:38 AM EST
To: full-disclosure <full-disclosure@lists.netsys.com>, bugtraq <bugtraq@securityfocus.com>

                    S-Quadra Advisory #2003-12-03

Topic: GnuPG 1.2.3, 1.3.3 external HKP interface format string issue
Severity: Low
Vendor URL: http://www.gnupg.org
Advisory URL: http://www.s-quadra.com/advisories/Adv-20031203.txt
Release date: 3 Dec 2003

1. DESCRIPTION

GnuPG is a complete and free replacement for PGP.
Because it does not use the patented IDEA algorithm, it can be used without any restrictions.
GnuPG is a RFC2440 (OpenPGP) compliant application.

GnuPG has an external HKP interface which is marked as experimental and is not enabled by default in the 1.2 stable branch; to use it you should compile GnuPG with the '--enable-external-hkp' configuration option.
Also, on the 1.3 devel branch the external HKP interface is enabled by default, and to disable it you should compile GnuPG with the '--disable-hkp' configuration option.

When the external HKP interface is enabled, GnuPG will make use of 'gpgkeys_hkp' utility for keyserver accesses.

There exists a format string vulnerability in the 'gpgkeys_hkp' utility which would allow a malicious
keyserver in the worst case to execute arbitrary code on the user's machine.

2. DETAILS

The offending code can be found in keyserver/gpgkeys_hkp.c:

<snip>
int get_key(char *getkey)
{
  int rc,gotit=0;
  char search[29];
  char *request;
  struct http_context hd;

  ...
  if(verbose>2)
    fprintf(console,"gpgkeys: HTTP URL is \"%s\"\n",request);

  rc=http_open_document(&hd,request,http_flags);
  if(rc!=0)
    {
      fprintf(console,"gpgkeys: HKP fetch error: %s\n",
              rc==G10ERR_NETWORK?strerror(errno):g10_errstr(rc));
      fprintf(output,"KEY 0x%s FAILED\n",getkey);
    }
  else
    {
      unsigned int maxlen=1024,buflen;
      byte *line=NULL;

      while(iobuf_read_line(hd.fp_read,&line,&buflen,&maxlen))
        {
          maxlen=1024;

          if(gotit)
            {
              // S-Quadra: here is where format string bug lives
              fprintf(output,line);
              if(strcmp(line,"-----END PGP PUBLIC KEY BLOCK-----\n")==0)
                break;
            }
          else
            if(strcmp(line,"-----BEGIN PGP PUBLIC KEY BLOCK-----\n")==0)
              {
                // S-Quadra: here is where format string bug lives
                fprintf(output,line);
                gotit=1;
              }
        }
  ...
  return 0;
}

</snip>

3. FIX INFORMATION

S-Quadra alerted GnuPG development team to this issue on 27th November 2003.
For the 1.2 branch a fix is available in CVS; the latest devel version, 1.3.4, also contains a fix for the reported bug.

4. CREDITS

Evgeny Legerov <e.legerov@s-quadra.com> is responsible for discovering this issue.

5. ABOUT

S-Quadra offers services in computer security, penetration testing and network assessment,
web application security, source code review and third party product vulnerability assessment,
forensic support and reverse engineering.

Security is an art and our goal is to bring responsible and high quality security
service to the IT market, customized to meet the unique needs of each individual client.

S-Quadra, (pronounced es quadra), is not an acronym.
It's unique, creative and innovative - just like the security services we bring to our clients.

           S-Quadra Advisory #2003-12-03
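The defect in the advisory's snippet is that a line received from the keyserver is passed to fprintf() as the format argument, so any '%' directives in it are interpreted rather than copied. The following is an added example, not GnuPG code and not the upstream fix as committed: it reimplements the BEGIN/END armor-block copying loop from get_key() with the line treated strictly as data (fputs, equivalent to fprintf(out, "%s", line)), and runs a constructed keyserver reply through it. The function names, the sample_reply text and the use of tmpfile() for capture are assumptions made for this example.

```c
/* Added example (not GnuPG code): the gpgkeys_hkp get_key() copy loop,
 * rewritten so a keyserver-supplied line is never used as a printf format.
 * The keyserver reply below is constructed, not captured from a real server. */
#include <stdio.h>
#include <string.h>

#define BEGIN_ARMOR "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
#define END_ARMOR   "-----END PGP PUBLIC KEY BLOCK-----\n"

/* Hardened counterpart of the advisory's `fprintf(output,line)`: the line is
 * data, so it goes through fputs(), which treats '%' as an ordinary byte. */
static void write_key_line(FILE *out, const char *line)
{
    fputs(line, out);
}

/* Copy the armored key block from a keyserver reply (in) to out, mirroring
 * the gotit state machine in the advisory. Lines outside the block are
 * dropped. Returns 1 if a complete BEGIN...END block was copied, else 0. */
int copy_key_block(FILE *in, FILE *out)
{
    char line[1024];        /* an over-long line is simply split by fgets() */
    int gotit = 0;

    while (fgets(line, sizeof line, in) != NULL) {
        if (gotit) {
            write_key_line(out, line);
            if (strcmp(line, END_ARMOR) == 0)
                return 1;
        } else if (strcmp(line, BEGIN_ARMOR) == 0) {
            write_key_line(out, line);
            gotit = 1;
        }
    }
    return 0;
}

/* Feed a reply string through copy_key_block() and capture what it wrote
 * into buf (NUL-terminated). Returns copy_key_block()'s result, or -1 on
 * a tmpfile() failure. */
int filter_reply(const char *reply, char *buf, size_t bufsize)
{
    FILE *in = tmpfile();
    FILE *out = tmpfile();
    int rc;
    size_t n;

    if (in == NULL || out == NULL) {
        if (in) fclose(in);
        if (out) fclose(out);
        return -1;
    }
    fputs(reply, in);
    rewind(in);
    rc = copy_key_block(in, out);
    rewind(out);
    n = fread(buf, 1, bufsize - 1, out);
    buf[n] = '\0';
    fclose(in);
    fclose(out);
    return rc;
}

/* Constructed hostile reply: with fprintf(output,line) the %x/%n directives
 * inside the block would be interpreted; with fputs they are copied verbatim. */
static const char sample_reply[] =
    "HTTP/1.0 200 OK\n"
    "\n"
    "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
    "Version: constructed-sample\n"
    "\n"
    "%x%x%x%n not a format string here\n"
    "-----END PGP PUBLIC KEY BLOCK-----\n"
    "trailing junk is dropped\n";

/* Filter sample_reply into a static buffer; NULL if no complete block. */
const char *filtered_sample(void)
{
    static char buf[2048];
    if (filter_reply(sample_reply, buf, sizeof buf) != 1)
        return NULL;
    return buf;
}

int main(void)
{
    const char *key = filtered_sample();
    printf("%s", key ? key : "no complete key block in reply\n");
    return 0;
}
```

Running it prints only the armored block, with the "%x%x%x%n" line reproduced byte for byte; the HTTP status line and the trailing text never reach the output. The same property holds for any data that reaches a *printf family function: the format argument must be a literal the program controls, and untrusted input belongs in the argument list (or goes through fputs/fwrite).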
Comment 1 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2003-12-11 23:04:15 UTC
taviso patched this in gnupg-1.2.3-r5.ebuild on 12/3/2003.
Comment 2 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2003-12-12 00:26:34 UTC
glsa 200312-05 <http://www.gentoo.org/security/en/glsa/glsa-200312-05.xml> sent as:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


- --------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200312-05
- --------------------------------------------------------------------------

GLSA:        200312-05
Package:     app-crypt/gnupg
Summary:     GnuPG ElGamal signing keys compromised and
                format string vulnerability
Severity:    minimal
Gentoo bug:  34504, 35639
Date:        2003-12-12
CVE:         CAN-2003-0971, CAN-2003-0978
Exploit:     unknown
Affected:    <=1.2.3-r4
Fixed:       >=1.2.3-r5


DESCRIPTION:

Two flaws have been found in GnuPG 1.2.3.

First, ElGamal signing keys can be compromised. These keys are not
commonly used. Quote from
<http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html>:

   "Phong Nguyen identified a severe bug in the way GnuPG creates and
   uses ElGamal keys for signing. This is a significant security
   failure which can lead to a compromise of almost all ElGamal keys
   used for signing. Note that this is a real world vulnerability
   which will reveal your private key within a few seconds."

Second, there is a format string flaw in the 'gpgkeys_hkp' utility
which "would allow a malicious keyserver in the worst case to execute
an arbitrary code on the user's machine." See
<http://www.s-quadra.com/advisories/Adv-20031203.txt> for
details.


SOLUTION:

All users who have created ElGamal signing keys should immediately
revoke them. Then, all Gentoo Linux machines with gnupg installed
should be updated to use gnupg-1.2.3-r5 or higher.

        emerge sync
        emerge -pv '>=app-crypt/gnupg-1.2.3-r5'
        emerge '>=app-crypt/gnupg-1.2.3-r5'
        emerge clean


// end

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)

iD8DBQE/2XUCnt0v0zAqOHYRAlrEAJwNpCuOGrcBcjKnC/c/F3AOxsTX3gCfU9ah
0gaONEybmmq0x4/vJheoXwg=
=F5DR
-----END PGP SIGNATURE-----