GnuPG Incorrect Non-Detached Signature Verification Vulnerability
BID:17058
Info
GnuPG Incorrect Non-Detached Signature Verification Vulnerability
| Bugtraq ID: | 17058 |
| Class: | Design Error |
| CVE: |
CVE-2006-0049 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 09 2006 12:00AM |
| Updated: | Jan 02 2007 06:06PM |
| Credit: | Discovery is credited to Tavis Ormandy. |
| Vulnerable: |
Ubuntu Ubuntu Linux 5.10 powerpc Ubuntu Ubuntu Linux 5.10 i386 Ubuntu Ubuntu Linux 5.10 amd64 Ubuntu Ubuntu Linux 5.0 4 powerpc Ubuntu Ubuntu Linux 5.0 4 i386 Ubuntu Ubuntu Linux 5.0 4 amd64 Ubuntu Ubuntu Linux 4.1 ppc Ubuntu Ubuntu Linux 4.1 ia64 Ubuntu Ubuntu Linux 4.1 ia32 Trustix Secure Linux 3.0 Trustix Secure Linux 2.2 Trustix Secure Enterprise Linux 2.0 SuSE SUSE Linux Enterprise Server 8 SuSE Linux Enterprise Server 9 SuSE Linux Desktop 1.0 Slackware Linux 10.2 Slackware Linux 10.1 Slackware Linux 10.0 Slackware Linux 9.1 Slackware Linux 9.0 SGI ProPack 3.0 SP6 S.u.S.E. UnitedLinux 1.0 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 9.2 x86_64 S.u.S.E. Linux Professional 9.2 S.u.S.E. Linux Professional 9.1 x86_64 S.u.S.E. Linux Professional 9.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 Redhat Linux 9.0 i386 Redhat Linux 7.3 i386 Redhat Fedora Core4 Redhat Fedora Core3 Redhat Fedora Core2 Redhat Fedora Core1 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux WS 2.1 IA64 Redhat Enterprise Linux WS 2.1 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux ES 2.1 IA64 Redhat Enterprise Linux ES 2.1 Redhat Enterprise Linux AS 4 Redhat Enterprise Linux AS 3 Redhat Enterprise Linux AS 2.1 IA64 Redhat Enterprise Linux AS 2.1 Redhat Advanced Workstation for the Itanium Processor 2.1 IA64 Redhat Advanced Workstation for the Itanium Processor 2.1 Mandriva Linux Mandrake 2006.0 x86_64 Mandriva Linux Mandrake 2006.0 Mandriva Linux Mandrake 10.2 x86_64 Mandriva Linux Mandrake 10.2 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 GNU GNU Privacy Guard 1.4.2 .1 GNU GNU Privacy Guard 1.4.2 GNU GNU Privacy Guard 1.4.1 GNU GNU Privacy Guard 1.4 GNU GNU Privacy Guard 1.3.4 GNU GNU Privacy Guard 1.3.3 GNU GNU Privacy Guard 1.2.7 GNU GNU Privacy Guard 1.2.6 GNU GNU Privacy Guard 1.2.5 GNU GNU Privacy Guard 1.2.4 GNU GNU Privacy Guard 1.2.3 GNU GNU Privacy Guard 1.2.2 -rc1 GNU GNU Privacy Guard 1.2.2 -r1 GNU GNU Privacy Guard 1.2.2 GNU GNU Privacy Guard 1.2.1 GNU GNU Privacy Guard 1.2 GNU GNU Privacy Guard 1.0.7 GNU GNU Privacy Guard 1.0.6 GNU GNU Privacy Guard 1.0.5 GNU GNU Privacy Guard 1.0.4 GNU GNU Privacy Guard 1.0.3 b GNU GNU Privacy Guard 1.0.3 GNU GNU Privacy Guard 1.0.2 GNU GNU Privacy Guard 1.0.1 GNU GNU Privacy Guard 1.0 .6 GNU GNU Privacy Guard 1.0 GNU finger 1.0.7 GIMP GIMP 2.2.4 Gentoo Linux Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Debian Linux 3.0 sparc Debian Linux 3.0 s/390 Debian Linux 3.0 ppc Debian Linux 3.0 mipsel Debian Linux 3.0 mips Debian Linux 3.0 m68k Debian Linux 3.0 ia-64 Debian Linux 3.0 ia-32 Debian Linux 3.0 hppa Debian Linux 3.0 arm Debian Linux 3.0 alpha Debian Linux 3.0 |
| Not Vulnerable: |
GNU GNU Privacy Guard 1.4.2 2 |
Discussion
GnuPG Incorrect Non-Detached Signature Verification Vulnerability
GnuPG is prone to a vulnerability involving incorrect verification of non-detached signatures.
A successful attack can allow an attacker to simply take a signed message, inject arbitrary data into it, and bypass verification.
Note that this issue also affects verification of signatures embedded in encrypted messages. Scripts and applications using gpg are affected, as are applications using the GPGME library.
GnuPG versions prior to 1.4.2.2 are vulnerable to this issue.
GnuPG is prone to a vulnerability involving incorrect verification of non-detached signatures.
A successful attack can allow an attacker to simply take a signed message, inject arbitrary data into it, and bypass verification.
Note that this issue also affects verification of signatures embedded in encrypted messages. Scripts and applications using gpg are affected, as are applications using the GPGME library.
GnuPG versions prior to 1.4.2.2 are vulnerable to this issue.
Exploit / POC
GnuPG Incorrect Non-Detached Signature Verification Vulnerability
An exploit is not required.
An exploit is not required.
Solution / Fix
GnuPG Incorrect Non-Detached Signature Verification Vulnerability
Solution:
The vendor has released version 1.4.2.2 to address this issue.
Please see the references for more information and fixes.
GNU GNU Privacy Guard 1.0
GNU GNU Privacy Guard 1.0 .6
GNU GNU Privacy Guard 1.0.1
GNU GNU Privacy Guard 1.0.2
GNU GNU Privacy Guard 1.0.3
GNU GNU Privacy Guard 1.0.4
GNU finger 1.0.7
GNU GNU Privacy Guard 1.0.7
GNU GNU Privacy Guard 1.2.1
GNU GNU Privacy Guard 1.2.2 -rc1
GNU GNU Privacy Guard 1.2.2 -r1
GNU GNU Privacy Guard 1.2.3
GNU GNU Privacy Guard 1.2.4
GNU GNU Privacy Guard 1.2.6
GNU GNU Privacy Guard 1.3.3
GNU GNU Privacy Guard 1.3.4
GNU GNU Privacy Guard 1.4
GNU GNU Privacy Guard 1.4.1
GNU GNU Privacy Guard 1.4.2 .1
GIMP GIMP 2.2.4
Solution:
The vendor has released version 1.4.2.2 to address this issue.
Please see the references for more information and fixes.
GNU GNU Privacy Guard 1.0
-
GNU GNU Privacy Guard 1.4.2.2
http://www.gnupg.org/download/
GNU GNU Privacy Guard 1.0 .6
-
GNU GNU Privacy Guard 1.4.2.2
http://www.gnupg.org/download/
GNU GNU Privacy Guard 1.0.1
-
GNU GNU Privacy Guard 1.4.2.2
http://www.gnupg.org/download/
GNU GNU Privacy Guard 1.0.2
-
GNU GNU Privacy Guard 1.4.2.2
http://www.gnupg.org/download/
GNU GNU Privacy Guard 1.0.3
-
GNU GNU Privacy Guard 1.4.2.2
http://www.gnupg.org/download/
GNU GNU Privacy Guard 1.0.4
-
GNU GNU Privacy Guard 1.4.2.2
http://www.gnupg.org/download/
GNU finger 1.0.7
-
GNU GNU Privacy Guard 1.4.2.2
http://www.gnupg.org/download/
GNU GNU Privacy Guard 1.0.7
-
GNU GNU Privacy Guard 1.4.2.2
http://www.gnupg.org/download/
GNU GNU Privacy Guard 1.2.1
-
GNU GNU Privacy Guard 1.4.2.2
http://www.gnupg.org/download/ -
Slackware gnupg-1.4.2.2-i386-1.tgz
Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/g nupg-1.4.2.2-i386-1.tgz
GNU GNU Privacy Guard 1.2.2 -rc1
-
GNU GNU Privacy Guard 1.4.2.2
http://www.gnupg.org/download/
GNU GNU Privacy Guard 1.2.2 -r1
-
GNU GNU Privacy Guard 1.4.2.2
http://www.gnupg.org/download/
GNU GNU Privacy Guard 1.2.3
-
GNU GNU Privacy Guard 1.4.2.2
http://www.gnupg.org/download/ -
Slackware gnupg-1.4.2.2-i486-1.tgz
Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ gnupg-1.4.2.2-i486-1.tgz -
Slackware gnupg-1.4.2.2-i486-1.tgz
Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/g nupg-1.4.2.2-i486-1.tgz
GNU GNU Privacy Guard 1.2.4
-
GNU GNU Privacy Guard 1.4.2.2
http://www.gnupg.org/download/ -
Mandriva gnupg-1.4.2.2-0.1.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download -
Mandriva gnupg-1.4.2.2-0.1.C30mdk.i586.rpm
Corporate 3.0:
http://wwwnew.mandriva.com/en/downloads/ -
Mandriva gnupg-1.4.2.2-0.1.C30mdk.src.rpm
Corporate 3.0:
http://www.mandriva.com/en/download -
Mandriva gnupg-1.4.2.2-0.1.C30mdk.x86_64.rpm
Corporate 3.0:
http://www.mandriva.com/en/download -
Mandriva gnupg-1.4.2.2-0.1.C30mdk.x86_64.rpm
Corporate 3.0:
http://wwwnew.mandriva.com/en/downloads/ -
Mandriva gnupg-1.4.2.2-0.1.M20mdk.i586.rpm
Corporate 3.0:
http://wwwnew.mandriva.com/en/downloads/ -
Slackware gnupg-1.4.2.2-i486-1.tgz
Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ gnupg-1.4.2.2-i486-1.tgz -
SuSE gpg-1.2.4-68.13.i586.rpm
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/gpg-1.2.4-68.13.i 586.rpm -
SuSE gpg-1.2.4-68.13.x86_64.rpm
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/gpg-1.2.4-68. 13.x86_64.rpm -
Ubuntu gnupg_1.2.4-4ubuntu2.3_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.4-4ubunt u2.3_amd64.deb -
Ubuntu gnupg_1.2.4-4ubuntu2.3_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.4-4ubunt u2.3_i386.deb -
Ubuntu gnupg_1.2.4-4ubuntu2.3_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.4-4ubunt u2.3_powerpc.deb -
Ubuntu gpgv-udeb_1.4.1-1ubuntu1.2_i386.udeb
Updated packages for Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1u buntu1.2_i386.udeb -
Ubuntu gpgv-udeb_1.4.1-1ubuntu1.2_powerpc.udeb
Updated packages for Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1u buntu1.2_powerpc.udeb
GNU GNU Privacy Guard 1.2.6
-
GNU GNU Privacy Guard 1.4.2.2
http://www.gnupg.org/download/ -
Trustix gnupg-1.2.6-2tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix gnupg-1.4.2.2-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix gnupg-utils-1.2.6-2tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix gnupg-utils-1.4.2.2-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates
GNU GNU Privacy Guard 1.3.3
-
GNU GNU Privacy Guard 1.4.2.2
http://www.gnupg.org/download/
GNU GNU Privacy Guard 1.3.4
-
GNU GNU Privacy Guard 1.4.2.2
http://www.gnupg.org/download/
GNU GNU Privacy Guard 1.4
-
GNU GNU Privacy Guard 1.4.2.2
http://www.gnupg.org/download/ -
Mandriva gnupg-1.4.2.2-0.1.102mdk.i586.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download -
Mandriva gnupg-1.4.2.2-0.1.102mdk.src.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download -
Mandriva gnupg-1.4.2.2-0.1.102mdk.x86_64.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download -
Mandriva gnupg-1.4.2.2-0.1.102mdk.x86_64.rpm
Mandriva Linux 2006.0:
http://wwwnew.mandriva.com/en/downloads/ -
Mandriva gnupg-1.4.2.2-0.1.20060mdk.i586.rpm
Mandriva Linux 2006.0:
http://wwwnew.mandriva.com/en/downloads/ -
Mandriva gnupg-1.4.2.2-0.1.20060mdk.x86_64.rpm
Mandriva Linux 2006.0:
http://wwwnew.mandriva.com/en/downloads/ -
SuSE gpg-1.4.0-4.4.i586.rpm
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/gpg-1.4.0-4.4.i58 6.rpm -
SuSE gpg-1.4.0-4.4.x86_64.rpm
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/gpg-1.4.0-4.4.x 86_64.rpm
GNU GNU Privacy Guard 1.4.1
-
Debian gnupg_1.4.1-1.sarge3_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sar ge3_alpha.deb -
Debian gnupg_1.4.1-1.sarge3_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sar ge3_amd64.deb -
Debian gnupg_1.4.1-1.sarge3_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sar ge3_arm.deb -
Debian gnupg_1.4.1-1.sarge3_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sar ge3_hppa.deb -
Debian gnupg_1.4.1-1.sarge3_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sar ge3_i386.deb -
Debian gnupg_1.4.1-1.sarge3_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sar ge3_ia64.deb -
Debian gnupg_1.4.1-1.sarge3_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sar ge3_m68k.deb -
Debian gnupg_1.4.1-1.sarge3_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sar ge3_mips.deb -
Debian gnupg_1.4.1-1.sarge3_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sar ge3_mipsel.deb -
Debian gnupg_1.4.1-1.sarge3_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sar ge3_powerpc.deb -
Debian gnupg_1.4.1-1.sarge3_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sar ge3_s390.deb -
Debian gnupg_1.4.1-1.sarge3_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sar ge3_sparc.deb -
GNU GNU Privacy Guard 1.4.2.2
http://www.gnupg.org/download/ -
RedHat Fedora gnupg-1.4.2.2-1.i386.rpm
Fedora Core 4
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/ -
RedHat Fedora gnupg-1.4.2.2-1.ppc.rpm
Fedora Core 4
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/ -
RedHat Fedora gnupg-1.4.2.2-1.x86_64.rpm
Fedora Core 4
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/ -
RedHat Fedora gnupg-debuginfo-1.4.2.2-1.i386.rpm
Fedora Core 4
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/ -
RedHat Fedora gnupg-debuginfo-1.4.2.2-1.ppc.rpm
Fedora Core 4
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/ -
RedHat Fedora gnupg-debuginfo-1.4.2.2-1.x86_64.rpm
Fedora Core 4
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/ -
Ubuntu gnupg_1.4.1-1ubuntu1.2_amd64.deb
Updated packages for Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubunt u1.2_amd64.deb -
Ubuntu gnupg_1.4.1-1ubuntu1.2_i386.deb
Updated packages for Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubunt u1.2_i386.deb -
Ubuntu gnupg_1.4.1-1ubuntu1.2_powerpc.deb
Updated packages for Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubunt u1.2_powerpc.deb -
Ubuntu gpgv-udeb_1.4.1-1ubuntu1.2_amd64.udeb
Updated packages for Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1u buntu1.2_amd64.udeb
GNU GNU Privacy Guard 1.4.2 .1
-
GNU GNU Privacy Guard 1.4.2.2
http://www.gnupg.org/download/
GIMP GIMP 2.2.4
-
Mandriva gnupg-1.4.2.2-0.1.102mdk.i586.rpm
Mandriva Linux 10.2:
http://wwwnew.mandriva.com/en/downloads/ -
Mandriva gnupg-1.4.2.2-0.1.102mdk.x86_64.rpm
Mandriva Linux 10.2:
http://wwwnew.mandriva.com/en/downloads/
References
GnuPG Incorrect Non-Detached Signature Verification Vulnerability
References:
References:
- GNU Privacy Guard Home Page (GNU)
- GnuPG does not detect injection of unsigned data (Werner Koch)
- RHSA-2006:0266-8 - gnupg security update (RedHat)
- GnuPG does not detect injection of unsigned data (Werner Koch
)