CVE-2006-0049
CVSS5.0
发布时间 :2006-03-13 16:06:00
修订时间 :2011-03-07 21:29:13
NMCOPS    

[原文]gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.


[CNNVD]GnuPG内置签名验证漏洞(CNNVD-200603-226)

        GnuPG是基于OpenPGP标准的PGP加密、解密、签名工具。
        GnuPG在处理邮件内置的签名时存在验证漏洞,攻击者可能利用此漏洞在邮件中插入额外的数据。
        GnuPG在提取已签名的数据时,数据可能前置或后缀了签名没有没有覆盖到的额外数据,这样攻击者就可以利用签名消息注入额外的任意数据。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:gnu:privacy_guard:1.0.2GNU GNU Privacy Guard 1.0.2
cpe:/a:gnu:privacy_guard:1.3.4GNU GNU Privacy Guard 1.3.4
cpe:/a:gnu:privacy_guard:1.0.3GNU GNU Privacy Guard 1.0.3
cpe:/a:gnu:privacy_guard:1.3.3GNU GNU Privacy Guard 1.3.3
cpe:/a:gnu:privacy_guard:1.4.2GNU GNU Privacy Guard 1.4.2
cpe:/a:gnu:privacy_guard:1.0.7GNU GNU Privacy Guard 1.0.7
cpe:/a:gnu:privacy_guard:1.0.5GNU GNU Privacy Guard 1.0.5
cpe:/a:gnu:privacy_guard:1.2.1GNU GNU Privacy Guard 1.2.1
cpe:/a:gnu:privacy_guard:1.4.2.1GNU GNU Privacy Guard 1.4.2.1
cpe:/a:gnu:privacy_guard:1.0.3b
cpe:/a:gnu:privacy_guard:1.2.4GNU GNU Privacy Guard 1.2.4
cpe:/a:gnu:privacy_guard:1.4.1GNU GNU Privacy Guard 1.4.1
cpe:/a:gnu:privacy_guard:1.0.6GNU GNU Privacy Guard 1.0.6
cpe:/a:gnu:privacy_guard:1.0.4GNU GNU Privacy Guard 1.0.4
cpe:/a:gnu:privacy_guard:1.2.6GNU GNU Privacy Guard 1.2.6
cpe:/a:gnu:privacy_guard:1.0GNU GNU Privacy Guard 1.0
cpe:/a:gnu:privacy_guard:1.2.5GNU GNU Privacy Guard 1.2.5
cpe:/a:gnu:privacy_guard:1.4GNU GNU Privacy Guard 1.4
cpe:/a:gnu:privacy_guard:1.0.1GNU GNU Privacy Guard 1.0.1
cpe:/a:gnu:privacy_guard:1.2GNU GNU Privacy Guard 1.2
cpe:/a:gnu:privacy_guard:1.2.3GNU GNU Privacy Guard 1.2.3
cpe:/a:gnu:privacy_guard:1.2.2GNU GNU Privacy Guard 1.2.2
cpe:/a:gnu:privacy_guard:1.2.7GNU GNU Privacy Guard 1.2.7
cpe:/a:gnu:privacy_guard:1.2.2:rc1

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:10063gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data pack...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0049
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0049
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200603-226
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/17058
(PATCH)  BID  17058
http://www.securityfocus.com/archive/1/archive/1/427324/100/0/threaded
(VENDOR_ADVISORY)  BUGTRAQ  20060309 GnuPG does not detect injection of unsigned data
http://www.osvdb.org/23790
(PATCH)  OSVDB  23790
http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200603-08
http://www.debian.org/security/2006/dsa-993
(VENDOR_ADVISORY)  DEBIAN  DSA-993
http://securitytracker.com/id?1015749
(PATCH)  SECTRACK  1015749
http://secunia.com/advisories/19173
(VENDOR_ADVISORY)  SECUNIA  19173
http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html
(VENDOR_ADVISORY)  MLIST  [gnupg-announce] 20060309 [Announce] GnuPG does not detect injection of unsigned data
http://www.vupen.com/english/advisories/2006/0915
(UNKNOWN)  VUPEN  ADV-2006-0915
http://www.ubuntulinux.org/support/documentation/usn/usn-264-1
(UNKNOWN)  UBUNTU  USN-264-1
http://xforce.iss.net/xforce/xfdb/25184
(UNKNOWN)  XF  gnupg-nondetached-sig-verification(25184)
http://www.trustix.org/errata/2006/0014
(UNKNOWN)  TRUSTIX  2006-0014
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.476477
(UNKNOWN)  SLACKWARE  SSA:2006-072-02
http://www.securityfocus.com/archive/1/archive/1/433931/100/0/threaded
(UNKNOWN)  FEDORA  FLSA-2006:185355
http://www.redhat.com/support/errata/RHSA-2006-0266.html
(UNKNOWN)  REDHAT  RHSA-2006:0266
http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html
(UNKNOWN)  FEDORA  FEDORA-2006-147
http://www.mandriva.com/security/advisories?name=MDKSA-2006:055
(UNKNOWN)  MANDRIVA  MDKSA-2006:055
http://securityreason.com/securityalert/568
(UNKNOWN)  SREASON  568
http://securityreason.com/securityalert/450
(UNKNOWN)  SREASON  450
http://secunia.com/advisories/19532
(UNKNOWN)  SECUNIA  19532
http://secunia.com/advisories/19287
(UNKNOWN)  SECUNIA  19287
http://secunia.com/advisories/19249
(UNKNOWN)  SECUNIA  19249
http://secunia.com/advisories/19244
(UNKNOWN)  SECUNIA  19244
http://secunia.com/advisories/19234
(UNKNOWN)  SECUNIA  19234
http://secunia.com/advisories/19232
(UNKNOWN)  SECUNIA  19232
http://secunia.com/advisories/19231
(UNKNOWN)  SECUNIA  19231
http://secunia.com/advisories/19203
(UNKNOWN)  SECUNIA  19203
http://secunia.com/advisories/19197
(UNKNOWN)  SECUNIA  19197
http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html
(UNKNOWN)  SUSE  SUSE-SA:2006:014
ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U
(UNKNOWN)  SGI  20060401-01-U

- 漏洞信息

GnuPG内置签名验证漏洞
中危 设计错误
2006-03-13 00:00:00 2006-03-14 00:00:00
远程  
        GnuPG是基于OpenPGP标准的PGP加密、解密、签名工具。
        GnuPG在处理邮件内置的签名时存在验证漏洞,攻击者可能利用此漏洞在邮件中插入额外的数据。
        GnuPG在提取已签名的数据时,数据可能前置或后缀了签名没有没有覆盖到的额外数据,这样攻击者就可以利用签名消息注入额外的任意数据。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        GNU GNU Privacy Guard 1.0
        GNU GNU Privacy Guard 1.4.2.2
        http://www.gnupg.org/download/
        GNU GNU Privacy Guard 1.0 .6
        GNU GNU Privacy Guard 1.4.2.2
        http://www.gnupg.org/download/
        GNU GNU Privacy Guard 1.0.1
        GNU GNU Privacy Guard 1.4.2.2
        http://www.gnupg.org/download/
        GNU GNU Privacy Guard 1.0.2
        GNU GNU Privacy Guard 1.4.2.2
        http://www.gnupg.org/download/
        GNU GNU Privacy Guard 1.0.3
        GNU GNU Privacy Guard 1.4.2.2
        http://www.gnupg.org/download/
        GNU GNU Privacy Guard 1.0.4
        GNU GNU Privacy Guard 1.4.2.2
        http://www.gnupg.org/download/
        GNU finger 1.0.7
        GNU GNU Privacy Guard 1.4.2.2
        http://www.gnupg.org/download/
        GNU GNU Privacy Guard 1.0.7
        GNU GNU Privacy Guard 1.4.2.2
        http://www.gnupg.org/download/
        GNU GNU Privacy Guard 1.2.1
        GNU GNU Privacy Guard 1.4.2.2
        http://www.gnupg.org/download/
        Slackware gnupg-1.4.2.2-i386-1.tgz
        Slackware 9.0:
        ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/g nupg-1.4.2.2-i386-1.tgz
        GNU GNU Privacy Guard 1.2.2 -rc1
        GNU GNU Privacy Guard 1.4.2.2
        http://www.gnupg.org/download/
        GNU GNU Privacy Guard 1.2.2 -r1
        GNU GNU Privacy Guard 1.4.2.2
        http://www.gnupg.org/download/
        GNU GNU Privacy Guard 1.2.3
        GNU GNU Privacy Guard 1.4.2.2
        http://www.gnupg.org/download/
        Slackware gnupg-1.4.2.2-i486-1.tgz
        Slackware 10.0:
        ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ gnupg-1.4.2.2-i486-1.tgz
        Slackware gnupg-1.4.2.2-i486-1.tgz
        Slackware 9.1:
        ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/g nupg-1.4.2.2-i486-1.tgz
        GNU GNU Privacy Guard 1.2.4
        GNU GNU Privacy Guard 1.4.2.2
        http://www.gnupg.org/download/
        Mandriva gnupg-1.4.2.2-0.1.C30mdk.i586.rpm
        Corporate 3.0:
        http://www.mandriva.com/en/download
        Mandriva gnupg-1.4.2.2-0.1.C30mdk.i586.rpm
        Corporate 3.0:
        http://wwwnew.mandriva.com/en/downloads/
        Mandriva gnupg-1.4.2.2-0.1.C30mdk.src.rpm
        Corporate 3.0:
        http://www.mandriva.com/en/download
        Mandriva gnupg-1.4.2.2-0.1.C30mdk.x86_64.rpm
        Corporate 3.0:
        http://www.mandriva.com/en/download
        Mandriva gnupg-1.4.2.2-0.1.C30mdk.x86_64.rpm
        Corporate 3.0:
        http://wwwnew.mandriva.com/en/downloads/
        Mandriva gnupg-1.4.2.2-0.1.M20mdk.i586.rpm
        Corporate 3.0:
        http://wwwnew.mandriva.com/en/downloads/
        Slackware gnupg-1.4.2.2-i486-1.tgz
        Slackware 10.0:
        ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ gnupg-1.4.2.2-i486-1.tgz
        SuSE gpg-1.2.4-68.13.i586.rpm
        SUSE LINUX 9.1:
        ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/gpg-1.2.4-68.13.i 586.rpm
        SuSE gpg-1.2.4-68.13.x86_64.rpm
        SUSE LINUX 9.1:
        ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/gpg-1.2.4-68. 13.x86_64.rpm
        Ubuntu gnupg_1.2.4-4ubuntu2.3_amd64.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.4-4ubunt u2.3_amd64.deb
        Ubuntu gnupg_1.2.4-4ubuntu2.3_i386.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.4-4ubunt u2.3_i386.deb
        Ubuntu gnupg_1.2.4-4ubuntu2.3_powerpc.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.4-4ubunt u2.3_powerpc.deb
        Ubuntu gpgv-udeb_1.4.1-1ubuntu1.2_i386.udeb
        Updated packages for Ubuntu 5.04:
        http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1u buntu1.2_i386.udeb
        Ubuntu gpgv-udeb_1.4.1-1ubuntu1.2_powerpc.udeb
        Updated packages for Ubuntu 5.04:
        http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1u buntu1.2_powerpc.udeb
        GNU GNU Privacy Guard 1.2.6
        GNU GNU Privacy Guard 1.4.2.2
        http://www.gnupg.org/download/
        Trustix gnupg-1.2.6-2tr.i586.rpm
        TSL 2.2
        ftp://ftp.trustix.org/pub/trustix/updates
        Trustix gnupg-1.4.2.2-1tr.i586.rpm
        TSL 3.0
        ftp://ftp.trustix.org/pub/trustix/updates
        Trustix gnupg-utils-1.2.6-2tr.i586.rpm
        TSL 2.2
        ftp://ftp.trustix.org/pub/trustix/updates
        Trustix gnupg-utils-1.4.2.2-1tr.i586.rpm
        TSL 3.0
        ftp://ftp.trustix.org/pub/trustix/updates
        GNU GNU Privacy Guard 1.3.3
        GNU GNU Privacy Guard 1.4.2.2
        http://www.gnupg.org/download/
        GNU

- 漏洞信息 (F44566)

Debian Linux Security Advisory 993-1 (PacketStormID:F44566)
2006-03-11 00:00:00
Debian  debian.org
advisory
linux,debian
CVE-2006-0049
[点击下载]

Debian Security Advisory DSA 993-1 - Tavis Ormandy noticed that gnupg, the GNU privacy guard - a free PGP replacement, can be tricked to emit a "good signature" status message when a valid signature is included which does not belong to the data packet.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 993-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
March 10th, 2006                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : gnupg
Vulnerability  : programming error
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2006-0049

Tavis Ormandy noticed that gnupg, the GNU privacy guard - a free PGP
replacement, can be tricked to emit a "good signature" status message
when a valid signature is included which does not belong to the data
packet.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in
version 1.4.1-1.sarge3.

For the unstable distribution (sid) this problem has been fixed in
version 1.4.2.2-1.

We recommend that you upgrade your gnupg package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge3.dsc
      Size/MD5 checksum:      680 8f2f1848dcdfe9d143d8e9352ef918ca
    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge3.diff.gz
      Size/MD5 checksum:    19639 9ffb89fa0a770568ddd80a11e3eada78
    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1.orig.tar.gz
      Size/MD5 checksum:  4059170 1cc77c6943baaa711222e954bbd785e5

  Alpha architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge3_alpha.deb
      Size/MD5 checksum:  2155538 07b4643bf4cd05639a261fa0b3fa6a89

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge3_amd64.deb
      Size/MD5 checksum:  1963222 52cdf1bb1a228427abd31abff411a946

  ARM architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge3_arm.deb
      Size/MD5 checksum:  1899232 c52b0d652506e2384340d67f8126a1b2

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge3_i386.deb
      Size/MD5 checksum:  1908754 cd9c2257b8c7149a92131abbdaef498c

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge3_ia64.deb
      Size/MD5 checksum:  2324736 3553c75fac7cdc0a7d157c20aad4525c

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge3_hppa.deb
      Size/MD5 checksum:  2004042 2bb61f214979d403de8e3eab35c4ef00

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge3_m68k.deb
      Size/MD5 checksum:  1810978 8da1cbf5b8291ff54194010881832bf1

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge3_mips.deb
      Size/MD5 checksum:  2000618 dfcf0ab7c9f5b3aada55bc27c1f1119d

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge3_mipsel.deb
      Size/MD5 checksum:  2007396 6d99bcd4559ef9a73d43cedd8b8d1680

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge3_powerpc.deb
      Size/MD5 checksum:  1957560 570ae516c68d6803aeafce048e0f978c

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge3_s390.deb
      Size/MD5 checksum:  1966774 2f4a27beba4ff1fc96ef11d9e77b7ec1

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge3_sparc.deb
      Size/MD5 checksum:  1897162 8520ccf5a05546d18a641a480b5926ac


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFEEeOFW5ql+IAeqTIRAstQAKCvGE5kcoubd8uAZY6UkoZJbTWzjgCdHCZI
q7HlIdlvCJKZH2Ztu0b4l94=
=xtSc
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F44560)

gnupgDetect.txt (PacketStormID:F44560)
2006-03-11 00:00:00
Werner Koch  gnupg.org
advisory,arbitrary
CVE-2006-0049
[点击下载]

All versions of gnupg prior to 1.4.2.2 do not detect injection of unsigned data. Signature verification of non-detached signatures may give a positive result but when extracting the signed data, this data may be prepended or appended with extra data not covered by the signature. Thus it is possible for an attacker to take any signed message and inject extra arbitrary data.

GnuPG does not detect injection of unsigned data
           ================================================
                 (released 2006-03-09, CVE-2006-0049)


Summary
=======

In the aftermath of the false positive signature verfication bug
(announced 2006-02-15) more thorough testing of the fix has been done
and another vulnerability has been detected.

This new problem affects the use of *gpg* for verification of
signatures which are _not_ detached signatures.  The problem also
affects verification of signatures embedded in encrypted messages;
i.e. standard use of gpg for mails.

To solve this problem, an update of the current stable version has
been released (see below).

Please do not respond to this message.  The mailing list gnupg-devel
is the best place to discuss this problem (please subscribe first so
you don't need moderator approval [1]).


Impact:
=======

Signature verification of non-detached signatures may give a positive
result but when extracting the signed data, this data may be prepended
or appended with extra data not covered by the signature.  Thus it is
possible for an attacker to take any signed message and inject extra
arbitrary data.

Detached signatures (a separate signature file) are not affected.

All versions of gnupg prior to 1.4.2.2 are affected.

Scripts and applications using gpg to verify the integrity of data are
affected. This includes applications using the GPGME library[2].

The GnuPG version 1.9.x is not affected unless the currently
deprecated gpg part has been enabled.


Solution:
=========

Update GnuPG as soon as possible to version 1.4.2.2.  There are no
fixes for older versions available.

If you can't get an update from your vendor, please follow the
instructions found at http://www.gnupg.org/download/ or read on:

GnuPG 1.4.2.2 may be downloaded from one of the GnuPG mirror sites or
direct from ftp://ftp.gnupg.org/gcrypt/ .  The list of mirrors can be
found at http://www.gnupg.org/mirrors.html .  Note, that GnuPG is not
available at ftp.gnu.org.

On the mirrors you should find the following files in the *gnupg*
directory:

  gnupg-1.4.2.2.tar.bz2 (2.8M)
  gnupg-1.4.2.2.tar.bz2.sig

      GnuPG source compressed using BZIP2 and OpenPGP signature.

  gnupg-1.4.2.2.tar.gz (4.0M)
  gnupg-1.4.2.2.tar.gz.sig

      GnuPG source compressed using GZIP and OpenPGP signature.

  gnupg-1.4.2.1-1.4.2.2.diff.bz2 (101k)

      A patch file to upgrade a 1.4.2.1 GnuPG source. 

Select one of them. To shorten the download time, you probably want to
get the BZIP2 compressed file.  Please try another mirror if
exceptional your mirror is not yet up to date.

In the *binary* directory, you should find these files:

  gnupg-w32cli-1.4.2.2.exe (1.4M)
  gnupg-w32cli-1.4.2.2.exe.sig

      GnuPG compiled for Microsoft Windows and OpenPGP signature.
      Note that this is a command line version and now comes with a
      graphical installer tool.  The source files are the same as
      given above.  Note, that a new version of the Gpg4Win
      package[3], including a fixed version of GnuPG has also been
      released today.


In order to check that the version of GnuPG which you are going to
install is an original and unmodified one, you can do it in one of
the following ways:

 * If you already have a trusted version of GnuPG installed, you can
   simply check the supplied signature.  Due to the fact that detached
   signatures are used, the problem described here does not affect
   this verification.  For example to check the signature of the file
   gnupg-1.4.2.2.tar.bz2 you would use this command:

     gpg --verify gnupg-1.4.2.2.tar.bz2.sig

   This checks whether the signature file matches the source file.
   You should see a message indicating that the signature is good and
   made by that signing key.  Make sure that you have the right key,
   either by checking the fingerprint of that key with other sources
   or by checking that the key has been signed by a trustworthy other
   key.  Note, that you can retrieve the signing key using "finger wk
   'at' g10code.com" or "finger dd9jn 'at' gnu.org" or using the
   keyservers.  From time to time I prolong the expiration date; thus
   you might need a fresh copy of that key.

   Never use a GnuPG version you just downloaded to check the
   integrity of the source - use an existing GnuPG installation!
   Watch out for a "Good signature" messages.

 * If you are not able to use an old version of GnuPG, you have to
   verify the SHA-1 checksum.  Assuming you downloaded the file
   gnupg-1.4.2.1.tar.bz2, you would run the sha1sum command like this:

     sha1sum gnupg-1.4.2.2.tar.bz2

   and check that the output matches the first line from the
   following list:

f5559ddb004e0638f6bd9efe2bac00134c5065ba  gnupg-1.4.2.2.tar.bz2
959540c1c6158e09d668ceee055bf366dc26d0bd  gnupg-1.4.2.2.tar.gz
880b3e937f232b1ca366bda37c4a959aacbd84f3  gnupg-1.4.2.1-1.4.2.2.diff.bz2
95dd7fd4c49423b86704acfc396ce5a53c8b19e7  gnupg-w32cli-1.4.2.2.exe



Background:
===========

OpenPGP messages are made up of packets.  The signed data is a packet,
the actual signature is a packet and there are several control packets
as well.  For example:

   O + D + S 

This describes a standard signed message made made up of a control
packet (O for one-pass signature packet), the actual signed data (D)
and the actual signature packet (S).  gpg checks that the signature S
is valid over the data D.  This is actually easy if not OpenPGP and
GnuPG would have a long tradition of changing the fromats.  PGP 2
versions used a different way of composing these packets:

   S + D

and early versions of gpg, released before RFC2440, even created

   D + S

i.e. without the one-pass packet.  Still this would all be easy to
process properly but in an ill-advised attempt to make things easier,
gpg allowed the processing of multiple signatures per file, like

   O1 + D1 + S1 + O2 + D2 + S2

where two standard signatures are concatenated.  Now when combining
this with the other variants of signatures, things get really messy
and it is not always possible to assocciate the signature (S) with the
signed data (D).  gpg checked that this all works but unfortunately
these checks are not sufficient enough.  The attack is to change a
standard message to inject faked data (F).  A simple case is this:

   F + O + D + S 

gpg now happily skips F for verification and does a proper signature
verification of D and if this succeeds, prints a positive result.
However when asked to output the actual signed data it will output the
concatenation of F + D and thus create the impression that both are
covered by the signature.  Depending on how gpg is invoked (in a
pipeline or using --output) it may even output just F and not at all
D.  There are several variants of the attack in where to put the faked
data.

The only correct solution to this problem is to get rid of the feature
to check concatenated signatures - this allows for strict checking of
valid packet composition.  This is what has been done in 1.4.2.2 and
in the forthcoming 1.4.3rc2.  These versions accept signatures only if
they are composed of

  O + D + S
  S + D
  
Cleartext signatures are of course also supported, they are similiar
to the O+D+S case.

The actual checking for valid signature packet composition is done at
g10/mainproc.c, at the top of check_sig_and_print().


Thanks
======

Tavis Ormandy again poked on gpg and found this vulnerability. 

The new version has been released yesterday and should by now be
available on all mirrors.




[1] http://lists.gnupg.org/mailman/listinfo/gnupg-devel
[2] http://www.gnupg.org/related_software/gpgme
[3] http://www.gpg4win.org


-- 
Werner Koch                                      <wk@gnupg.org>
The GnuPG Experts                                http://g10code.com
Free Software Foundation Europe                  http://fsfeurope.org
Join the Fellowship and protect your Freedom!    http://www.fsfe.org
    

- 漏洞信息

23790
GnuPG gpg Unsigned Data Injection Detection Failure
Local Access Required Cryptographic
Loss of Integrity
Exploit Unknown

- 漏洞描述

Gnu Privacy Guard contains a flaw that may allow a malicious user to inject unsigned data into a signed message. The issue is triggered when unsigned PGP packets are prepended or appended to legitimately signed packet streams. It is possible that the flaw may allow injected data to appear signed resulting in a loss of integrity.

- 时间线

2006-03-09 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 1.4.2.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

GnuPG Incorrect Non-Detached Signature Verification Vulnerability
Design Error 17058
Yes No
2006-03-09 12:00:00 2007-01-02 06:06:00
Discovery is credited to Tavis Ormandy.

- 受影响的程序版本

Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
Slackware Linux 10.2
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
SGI ProPack 3.0 SP6
S.u.S.E. UnitedLinux 1.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
RedHat Linux 9.0 i386
RedHat Linux 7.3 i386
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Fedora Core4
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
GNU GNU Privacy Guard 1.4.2 .1
GNU GNU Privacy Guard 1.4.2
GNU GNU Privacy Guard 1.4.1
GNU GNU Privacy Guard 1.4
GNU GNU Privacy Guard 1.3.4
GNU GNU Privacy Guard 1.3.3
GNU GNU Privacy Guard 1.2.7
GNU GNU Privacy Guard 1.2.6
GNU GNU Privacy Guard 1.2.5
GNU GNU Privacy Guard 1.2.4
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
GNU GNU Privacy Guard 1.2.3
+ Conectiva Linux 9.0
+ Mandriva Linux Mandrake 9.2
+ Turbolinux Turbolinux Desktop 10.0
GNU GNU Privacy Guard 1.2.2 -rc1
+ S.u.S.E. Linux Personal 8.2
GNU GNU Privacy Guard 1.2.2 -r1
+ Gentoo Linux 1.4 _rc3
+ Gentoo Linux 1.4 _rc2
+ Gentoo Linux 1.4 _rc1
GNU GNU Privacy Guard 1.2.2
GNU GNU Privacy Guard 1.2.1
+ Conectiva Linux 9.0
+ OpenPKG OpenPKG 1.2
+ RedHat Linux 9.0 i386
+ Terra Soft Solutions Yellow Dog Linux 3.0
GNU GNU Privacy Guard 1.2
GNU GNU Privacy Guard 1.0.7
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ MandrakeSoft apcupsd 2006.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ OpenPKG OpenPKG 1.1
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux 8.0 i386
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 i386
+ RedHat Linux Advanced Work Station 2.1
+ Sun Linux 5.0.5
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Server 6.5
+ Turbolinux Turbolinux Server 6.1
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
+ Turbolinux Turbolinux Workstation 6.0
GNU GNU Privacy Guard 1.0.6
GNU GNU Privacy Guard 1.0.5
GNU GNU Privacy Guard 1.0.4
- Turbolinux Turbolinux 6.0.5
- Turbolinux Turbolinux Server 6.5
- Turbolinux Turbolinux Workstation 6.1
GNU GNU Privacy Guard 1.0.3 b
GNU GNU Privacy Guard 1.0.3
GNU GNU Privacy Guard 1.0.2
GNU GNU Privacy Guard 1.0.1
GNU GNU Privacy Guard 1.0 .6
- MandrakeSoft Corporate Server 1.0.1
- Mandriva Linux Mandrake 8.1
- Mandriva Linux Mandrake 8.0 ppc
- Mandriva Linux Mandrake 8.0
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.1
GNU GNU Privacy Guard 1.0
GNU finger 1.0.7
GIMP GIMP 2.2.4
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
GNU GNU Privacy Guard 1.4.2 2

- 不受影响的程序版本

GNU GNU Privacy Guard 1.4.2 2

- 漏洞讨论

GnuPG is prone to a vulnerability involving incorrect verification of non-detached signatures.

A successful attack can allow an attacker to simply take a signed message, inject arbitrary data into it, and bypass verification.

Note that this issue also affects verification of signatures embedded in encrypted messages. Scripts and applications using gpg are affected, as are applications using the GPGME library.

GnuPG versions prior to 1.4.2.2 are vulnerable to this issue.

- 漏洞利用

An exploit is not required.

- 解决方案

The vendor has released version 1.4.2.2 to address this issue.

Please see the references for more information and fixes.


GNU GNU Privacy Guard 1.0

GNU GNU Privacy Guard 1.0 .6

GNU GNU Privacy Guard 1.0.1

GNU GNU Privacy Guard 1.0.2

GNU GNU Privacy Guard 1.0.3

GNU GNU Privacy Guard 1.0.4

GNU finger 1.0.7

GNU GNU Privacy Guard 1.0.7

GNU GNU Privacy Guard 1.2.1

GNU GNU Privacy Guard 1.2.2 -rc1

GNU GNU Privacy Guard 1.2.2 -r1

GNU GNU Privacy Guard 1.2.3

GNU GNU Privacy Guard 1.2.4

GNU GNU Privacy Guard 1.2.6

GNU GNU Privacy Guard 1.3.3

GNU GNU Privacy Guard 1.3.4

GNU GNU Privacy Guard 1.4

GNU GNU Privacy Guard 1.4.1

GNU GNU Privacy Guard 1.4.2 .1

GIMP GIMP 2.2.4

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站