Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 122721 - app-crypt/gnupg: improper signature verification [CVE-2006-0455]
Summary: app-crypt/gnupg: improper signature verification [CVE-2006-0455]
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: B3? [glsa] DerCorny
Depends on:
Reported: 2006-02-13 12:09 UTC by Tavis Ormandy (RETIRED)
Modified: 2006-11-11 19:56 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Tavis Ormandy (RETIRED) gentoo-dev 2006-02-13 12:09:18 UTC
The gpg man page states "RETURN VALUE, The program returns 0 if everything was fine, 1 if at least a signature was bad, and other error codes for fatal errors.", as gpg is often used as a backend the return value is often used to determine whether a signature verified correctly.

For example, you have an automated system that verifies a file has been signed by a key on a keyring that contains the public keys that you trust to provide the correct file. You might use:

gpg --batch --no-default-keyring --keyring trustedpeople.gpg --verify file.sig file

This command should return success if the file is signed by a key on trustedpeople.gpg, failure if file.sig is invalid, or not a signature file. I dicovered that a file consisting of multiple 0xca bytes will cause gpg to always return success, I think this might be a bug that could potentially have security impact in the scenarios similar to the one described above.


$ perl -e 'print "\xca"x"64"' > input.sig 
$ gpg --verify input.sig anyfile; echo $?

The 0xca file also works when encoded in base64 in clearsigned (armored?) messages. 

I've added Werner Koch to cc, who hopefully will be kind enough to provide some input? :)
Comment 1 Tavis Ormandy (RETIRED) gentoo-dev 2006-02-14 08:52:14 UTC
I've noticed a fix was committed for this issue to svn, so we can unrestrict this bug now.

Werner: in your opinion, does this bug warrant an update?
Comment 2 Tavis Ormandy (RETIRED) gentoo-dev 2006-02-15 07:15:24 UTC
GnuPG project has released to address this issue, moving into vulnerabilities.

Crypto herd: please provide updated ebuilds.
Comment 3 Marcelo Goes (RETIRED) gentoo-dev 2006-02-15 07:51:02 UTC
Comment 4 Stefan Cornelius (RETIRED) gentoo-dev 2006-02-15 07:56:33 UTC
arches please test and mark stable, thanks
Comment 5 Mike Doty (RETIRED) gentoo-dev 2006-02-15 09:12:24 UTC
amd64 stable
Comment 6 Tobias Scherbaum (RETIRED) gentoo-dev 2006-02-15 11:15:58 UTC
ppc stable
Comment 7 Markus Rothe (RETIRED) gentoo-dev 2006-02-15 13:20:21 UTC
stable on ppc64
Comment 8 Mark Loeser (RETIRED) gentoo-dev 2006-02-15 14:23:58 UTC
x86 done
Comment 9 Jason Wever (RETIRED) gentoo-dev 2006-02-15 19:54:57 UTC
Comment 10 René Nussbaumer (RETIRED) gentoo-dev 2006-02-15 22:22:53 UTC
Stable on hppa
Comment 11 Bryan Østergaard (RETIRED) gentoo-dev 2006-02-18 03:05:31 UTC
Stable on alpha + ia64.
Comment 12 Stefan Cornelius (RETIRED) gentoo-dev 2006-02-18 03:11:34 UTC
ok, glsa vote i guess. I vote YES.
Comment 13 Thierry Carrez (RETIRED) gentoo-dev 2006-02-18 04:21:37 UTC
Yes too, GLSA draft is in and ready.
Comment 14 Thierry Carrez (RETIRED) gentoo-dev 2006-02-18 06:27:38 UTC
GLSA 200602-10
arm mips and s390 should remember to mark stable to benefit from GLSA
Comment 15 Joshua Kinard gentoo-dev 2006-02-26 12:05:27 UTC
mips stable.