Package: gnupg
Version: 1.4.2-2
Severity: important
Tags: security

On Wed, Feb 15, 2006 at 08:49:25AM +0100, Werner Koch wrote:
>            False positive signature verification in GnuPG
>            ==============================================
> 
> Summary
> =======
> 
> The Gentoo project identified a security related bug in GnuPG.  When
> using any current version of GnuPG for unattended signature
> verification (e.g. by scripts and mail programs), false positive
> signature verification of detached signatures may occur.
> 
> This problem affects the tool *gpgv*, as well as using "gpg --verify"
> to imitate gpgv, if only the exit code of the process is used to
> decide whether a detached signature is valid.  This is a plausible
> mode of operation for gpgv.
> 
> If, as suggested, the --status-fd generated output is used to decide
> whether a signature is valid, no problem exists.  In particular
> applications making use of the GPGME library[2] are not affected.
> 
> To solve this problem an update of the current stable version has been
> released (see below).
> 
> Please do not send private mail in response to this message.  The
> mailing list gnupg-devel is the best place to discuss this problem
> (please subscribe first so you don't need moderator approval [1]).
> 
> 
> Impact:
> =======
> 
> Signature verification of detached signatures does not work, thus
> modified versions of signature protected files may not be detected.
> 
> All versions of gnupg prior to 1.4.2.1 are affected if they are used
> in certain unattended operation modes.
> 
> There is no problem using GnuPG in an interactive way because GnuPG
> won't print any signature status at all; i.e. no "Good signature".
> 
> Scripts and applications using gpg or gpgv with the --status-fd option
> and properly parsing this output are not affected.
> 
> Applications using the GPGME library[2] are not affected.
> 
> The GnuPG versions 1.9 are not affected unless the currently
> deprecated gpg part has been enabled.
> 
> 
> Solution:
> =========
> 
> Update GnuPG as soon as possible to version 1.4.2.1.  There are no
> fixes for older versions available, although the fix described below
> may be adjusted for them.
> 
> To update please follow the instructions found at
> http://www.gnupg.org/download/ or read on:
> 
> GnuPG 1.4.2.1 may be downloaded from one of the GnuPG mirror sites or
> direct from ftp://ftp.gnupg.org/gcrypt/ .  The list of mirrors can be
> found at http://www.gnupg.org/mirrors.html .  Note, that GnuPG is not
> available at ftp.gnu.org.
> 
> On the mirrors you should find the following files in the *gnupg*
> directory:
> 
>   gnupg-1.4.2.1.tar.bz2 (2.8M)
>   gnupg-1.4.2.1.tar.bz2.sig
> 
>       GnuPG source compressed using BZIP2 and OpenPGP signature.
> 
>   gnupg-1.4.2.1.tar.gz (4.0M)
>   gnupg-1.4.2.1.tar.gz.sig
> 
>       GnuPG source compressed using GZIP and OpenPGP signature.
> 
>   gnupg-1.4.2-1.4.2.1.diff.bz2 (39k)
> 
>       A patch file to upgrade a 1.4.2 GnuPG source. 
> 
> Select one of them. To shorten the download time, you probably want to
> get the BZIP2 compressed file.  Please try another mirror if,
> exceptionally, your mirror is not yet up to date.
> 
> In the *binary* directory, you should find these files:
> 
>   gnupg-w32cli-1.4.2.1.exe (1.4M)
>   gnupg-w32cli-1.4.2.1.exe.sig
> 
>       GnuPG compiled for Microsoft Windows and OpenPGP signature.
>       Note that this is a command line version and now comes with a
>       graphical installer tool.  The source files are the same as
>       given above.  Note, that a new version of the Gpg4Win
>       package[3], including an updated version of GnuPG, will be
>       available later today.
> 
> 
> In order to check that the version of GnuPG which you are going to
> install is an original and unmodified one, you can do it in one of
> the following ways:
> 
>  * If you already have a trusted version of GnuPG installed, you
>    can simply check the supplied signature.  For example to check the
>    signature of the file gnupg-1.4.2.1.tar.bz2 you would use this command:
> 
>      gpg --verify gnupg-1.4.2.1.tar.bz2.sig
> 
>    This checks whether the signature file matches the source file.
>    You should see a message indicating that the signature is good and
>    made by that signing key.  Make sure that you have the right key,
>    either by checking the fingerprint of that key with other sources
>    or by checking that the key has been signed by a trustworthy other
>    key.  Note, that you can retrieve the signing key using "finger wk
>    'at' g10code.com" or "finger dd9jn 'at' gnu.org" or using the
>    keyservers.  From time to time I prolong the expiration date; thus
>    you might need a fresh copy of that key.
> 
>    Never use a GnuPG version you just downloaded to check the
>    integrity of the source - use an existing GnuPG installation!
>    Watch out for a "Good signature" message.
> 
>  * If you are not able to use an old version of GnuPG, you have to
>    verify the SHA-1 checksum.  Assuming you downloaded the file
>    gnupg-1.4.2.1.tar.bz2, you would run the sha1sum command like this:
> 
>      sha1sum gnupg-1.4.2.1.tar.bz2
> 
>    and check that the output matches the first line from the
>    following list:
> 
> 1c0306ade25154743d6f6f9ac05bee74c55c6eda  gnupg-1.4.2.1.tar.bz2
> cefc74560f21bde74eed298d86460612cd7e12ee  gnupg-1.4.2.1.tar.gz
> 98d597b1a9871b4aadc820d8641b36ce09125612  gnupg-1.4.2-1.4.2.1.diff.bz2
> a4db35a72d72df8e76751adc6f013b4c96112fd4  gnupg-w32cli-1.4.2.1.exe
> 
> 
> Background:
> ===========
> 
> If a file with arbitrary data, for example 64 times the character
> 0xCA, is used as the detached signature, any data file will lead to
> gpg exiting with 0 (success).  There won't be any messages indicating
> that the signature is valid or false:
> 
>   $ fortune >x.txt
>   $ perl -e 'print "\xca"x"64"' >x.txt.sig
>   $ gpgv x.txt.sig x.txt
>   $ echo $?
>   0
> 
> Clearly this should not return success.
> 
> The same problem appears when using "gpg --verify" in place of gpgv.
> However in this case any application should do further checks to
> make sure that the key verifying the signature is actually the desired
> one, thus using "gpg --verify" without processing the --status-fd
> generated output is in general the wrong approach.
> 
> The fixed version makes sure that gpgv and "gpg --verify" won't return
> success if no signature has been seen.  A minimal but sufficient fix
> against 1.4.2 and possible older versions is:
> 
> ====8<============
> --- g10/mainproc.c    (revision 4001)
> +++ g10/mainproc.c    (working copy)
> @@ -77,6 +77,7 @@
>          int op;
>          int stop_now;
>      } pipemode;
> +    int any_sig_seen;  /* Set to true if a signature packet has been seen. */
>  };
>  
>  
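Review bot: the new `any_sig_seen` field is only meaningful if it starts out zero, and this hunk does not show where the context struct is allocated or cleared; please confirm that the allocation zero-fills the struct, or set `c->any_sig_seen = 0` explicitly where `c` is set up, otherwise a stale nonzero value would silently defeat the "no signature found" check added later in this patch.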
> @@ -217,6 +218,7 @@
>  {
>      KBNODE node;
>  
> +    c->any_sig_seen = 1;
>      if( pkt->pkttype == PKT_SIGNATURE && !c->list ) {
>       /* This is the first signature for the following datafile.
>        * GPG does not write such packets; instead it always uses
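Review bot: `c->any_sig_seen = 1;` is assigned before the `pkt->pkttype == PKT_SIGNATURE` test, so the flag is only accurate if this function is never called with a non-signature packet; either move the assignment inside the branch that actually handles signature packets or add a one-line comment stating that invariant, so the struct field's comment ("Set to true if a signature packet has been seen") stays true.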
> @@ -1137,6 +1139,18 @@
>      c->signed_data = signedfiles;
>      c->sigfilename = sigfilename;
>      rc = do_proc_packets( c, a );
> + 
> +    /* If we have not encountered any signature we print an error
> +       messages, send a NODATA status back and return an error code.
> +       Using log_error is required because verify_files does not check
> +       error codes for each file but we want to terminate the process
> +       with an error. */ 
> +    if (!rc && !c->any_sig_seen)
> +      {
> +      write_status_text (STATUS_NODATA, "4");
> +        log_error (_("no signature found\n"));
> +        rc = -1;
> +      }
>      m_free( c );
>      return rc;
>  }
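Review bot: whitespace in the new block is inconsistent: `write_status_text (STATUS_NODATA, "4");` is indented two spaces less than the `log_error (...)` and `rc = -1;` lines that follow it, and the `+ ` line and the `*/ ` line carry trailing whitespace; the comment should also read "print an error message" rather than "messages". One functional observation: because the condition is `!rc && !c->any_sig_seen`, no NODATA status is written when `do_proc_packets` already returned an error, which is fine for the exit code but worth noting for callers that act on --status-fd output alone.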
> ====>8============
> 
> Note that the released version also includes a test case for this bug
> and prints an additional diagnostic.  With the patch above the output
> using the same test data as above should be:
> 
>   $ gpgv x.txt.sig x.txt
>   gpgv: no signature found
>   gpgv: verify signatures failed: eof
>   $ echo $?
>   2
> 
> 
> 
> Thanks
> ======
> 
> taviso from the Gentoo project found this vulnerability and informed
> me on Monday evening.  Unfortunately I had already switched off my
> monitor at that time.  The update has been released yesterday evening
> (CET).
> 
> 
> 
> Salam-Shalom,
> 
>    Werner
> 
> 
> 
> [1] http://lists.gnupg.org/mailman/listinfo/gnupg-devel
> [2] http://www.gnupg.org/related_software/gpgme
> [3] http://www.gpg4win.org
> 
> -- 
> Werner Koch                                      <[EMAIL PROTECTED]>
> The GnuPG Experts                                http://g10code.com
> Free Software Foundation Europe                  http://fsfeurope.org
> Join the Fellowship and protect your Freedom!    http://www.fsfe.org
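As an added example, not part of Werner's advisory or of GnuPG's own code, here is the check the advisory recommends for unattended use: decide on the --status-fd lines (VALIDSIG naming the expected key, NODATA/BADSIG as rejection, an empty stream as rejection) and never on the exit code alone. The status samples, fingerprint and user id are constructed; `run_gpgv` assumes `gpgv` is on PATH and a keyring path is supplied, and is not exercised offline.

```python
import subprocess

# Constructed --status-fd samples (format as documented in GnuPG's doc/DETAILS);
# the fingerprint and user id are made up for this example.
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
SAMPLE_GOOD = (
    "[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Test Key <test@example.invalid>\n"
    "[GNUPG:] VALIDSIG " + FPR + " 2006-02-14 1139900000 0 3 0 17 2 00 " + FPR + "\n"
)
SAMPLE_BADSIG = "[GNUPG:] BADSIG 89ABCDEF01234567 Constructed Test Key <test@example.invalid>\n"
SAMPLE_NODATA = "[GNUPG:] NODATA 4\n"   # what the patched gpgv emits for the 64 x 0xCA file
SAMPLE_EMPTY = ""                        # what an unpatched gpgv emits for the same file

# Status keywords that mean the verification must be rejected outright.
REJECT = {"BADSIG", "ERRSIG", "NODATA", "NO_PUBKEY", "REVKEYSIG", "EXPKEYSIG", "EXPSIG"}


def signature_is_valid(status_output: str, expected_fpr: str) -> bool:
    """Accept only if a VALIDSIG line names expected_fpr (as signing or primary key).

    An empty status stream, the pre-1.4.2.1 behaviour for junk signatures, is a
    failure: nothing is trusted by default, so the exit code is never consulted.
    """
    expected = expected_fpr.upper()
    seen_valid = False
    for line in status_output.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue                      # ignore anything that is not a status line
        keyword = fields[1]
        if keyword in REJECT:
            return False                  # one bad/missing signature fails the whole check
        if keyword == "VALIDSIG" and len(fields) >= 3:
            fpr = fields[2].upper()
            primary = fields[11].upper() if len(fields) > 11 else fpr
            if expected in (fpr, primary):
                seen_valid = True
    return seen_valid


def run_gpgv(sig_path: str, data_path: str, keyring: str, expected_fpr: str) -> bool:
    """Run gpgv with status lines on stdout; assumes gpgv is on PATH (not exercised offline)."""
    proc = subprocess.run(
        ["gpgv", "--status-fd", "1", "--keyring", keyring, sig_path, data_path],
        capture_output=True, text=True, check=False,
    )
    # Deliberately ignore proc.returncode: the status lines are the only verdict.
    return signature_is_valid(proc.stdout, expected_fpr)
```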


