Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 122721

Summary: app-crypt/gnupg: improper signature verification [CVE-2006-0455]
Product: Gentoo Security Reporter: Tavis Ormandy (RETIRED) <taviso>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: crypto+disabled, schaedpq
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html
Whiteboard: B3? [glsa] DerCorny
Package list:
Runtime testing required: ---

Description Tavis Ormandy (RETIRED) gentoo-dev 2006-02-13 12:09:18 UTC 
The gpg man page states "RETURN VALUE, The program returns 0 if everything was fine, 1 if at least a signature was bad, and other error codes for fatal errors.", as gpg is often used as a backend the return value is often used to determine whether a signature verified correctly.

For example, you have an automated system that verifies a file has been signed by a key on a keyring that contains the public keys that you trust to provide the correct file. You might use:

gpg --batch --no-default-keyring --keyring trustedpeople.gpg --verify file.sig file

This command should return success if the file is signed by a key on trustedpeople.gpg, failure if file.sig is invalid, or not a signature file. I dicovered that a file consisting of multiple 0xca bytes will cause gpg to always return success, I think this might be a bug that could potentially have security impact in the scenarios similar to the one described above.

Reproduce:

$ perl -e 'print "\xca"x"64"' > input.sig 
$ gpg --verify input.sig anyfile; echo $?

The 0xca file also works when encoded in base64 in clearsigned (armored?) messages. 

I've added Werner Koch to cc, who hopefully will be kind enough to provide some input? :)
Comment 1 Tavis Ormandy (RETIRED) gentoo-dev 2006-02-14 08:52:14 UTC 
I've noticed a fix was committed for this issue to svn, so we can unrestrict this bug now.

Werner: in your opinion, does this bug warrant an update?
Comment 2 Tavis Ormandy (RETIRED) gentoo-dev 2006-02-15 07:15:24 UTC 
GnuPG project has released 1.4.2.1 to address this issue, moving into vulnerabilities.

Crypto herd: please provide updated ebuilds.
Comment 3 Marcelo Goes (RETIRED) gentoo-dev 2006-02-15 07:51:02 UTC 
Done.
Comment 4 Stefan Cornelius (RETIRED) gentoo-dev 2006-02-15 07:56:33 UTC 
arches please test and mark stable, thanks
Comment 5 Mike Doty (RETIRED) gentoo-dev 2006-02-15 09:12:24 UTC 
amd64 stable
Comment 6 Tobias Scherbaum (RETIRED) gentoo-dev 2006-02-15 11:15:58 UTC 
ppc stable
Comment 7 Markus Rothe (RETIRED) gentoo-dev 2006-02-15 13:20:21 UTC 
stable on ppc64
Comment 8 Mark Loeser (RETIRED) gentoo-dev 2006-02-15 14:23:58 UTC 
x86 done
Comment 9 Jason Wever (RETIRED) gentoo-dev 2006-02-15 19:54:57 UTC 
SPARC'd
Comment 10 René Nussbaumer (RETIRED) gentoo-dev 2006-02-15 22:22:53 UTC 
Stable on hppa
Comment 11 Bryan Østergaard (RETIRED) gentoo-dev 2006-02-18 03:05:31 UTC 
Stable on alpha + ia64.
Comment 12 Stefan Cornelius (RETIRED) gentoo-dev 2006-02-18 03:11:34 UTC 
ok, glsa vote i guess. I vote YES.
Comment 13 Thierry Carrez (RETIRED) gentoo-dev 2006-02-18 04:21:37 UTC 
Yes too, GLSA draft is in and ready.
Comment 14 Thierry Carrez (RETIRED) gentoo-dev 2006-02-18 06:27:38 UTC 
GLSA 200602-10
arm mips and s390 should remember to mark stable to benefit from GLSA
Comment 15 Joshua Kinard gentoo-dev 2006-02-26 12:05:27 UTC 
mips stable.