Debian Bug report logs - #894983
gnupg2: CVE-2018-9234: Able to certify public keys without a certify key present when using smartcard
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 5 Apr 2018 20:51:02 UTC
Severity: important
Tags: security, upstream
Found in version gnupg2/2.2.5-1
Fixed in version gnupg2/2.2.7-1
Done: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Bug is archived. No further changes may be made.
Forwarded to https://dev.gnupg.org/T3844
Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, gniibe@fsij.org, wk@gnupg.org, Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>: Bug#894983; Package src:gnupg2. (Thu, 05 Apr 2018 20:51:04 GMT)
Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>: New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, gniibe@fsij.org, wk@gnupg.org, Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>. (Thu, 05 Apr 2018 20:51:04 GMT)
Message #5 received at submit@bugs.debian.org:
Source: gnupg2
Version: 2.2.5-1
Severity: important
Tags: security upstream
Forwarded: https://dev.gnupg.org/T3844
Hi,
The following vulnerability was published for gnupg2:
CVE-2018-9234[0]:
| GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key
| certification requires an offline master Certify key, which results in
| apparently valid certifications that occurred only with access to a
| signing subkey.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-9234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9234
[1] https://dev.gnupg.org/T3844
[2] https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=a17d2d1f690ebe5d005b4589a5fe378b6487c657
Please adjust the affected versions in the BTS as needed. Can you
clarify whether this also affects versions as far back as STABLE-BRANCH-1-4?
Regards,
Salvatore
Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>: Bug#894983; Package src:gnupg2. (Fri, 06 Apr 2018 01:57:06 GMT)
Acknowledgement sent to NIIBE Yutaka <gniibe@fsij.org>: Extra info received and forwarded to list. Copy sent to Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>. (Fri, 06 Apr 2018 01:57:06 GMT)
Message #10 received at 894983@bugs.debian.org:
Hello,
Thank you for the bug report.
Salvatore Bonaccorso <carnil@debian.org> wrote:
> The following vulnerability was published for gnupg2:
Vulnerability? ... well, kind of.
Given this is escalated to CVE, I considered and evaluated the problem
again.
I think that we need to fix the checking of signature by a key which
does not have a capability to certify other keys.
> CVE-2018-9234[0]:
> | GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key
> | certification requires an offline master Certify key, which results in
> | apparently valid certifications that occurred only with access to a
> | signing subkey.
This description does not sound accurate to me. In my opinion, the
certifications are invalid.
The smartcard problem was introduced by these commits of mine:
commit fbb2259d22e6c6eadc2af722bdc52922da348677
Author: NIIBE Yutaka <gniibe@fsij.org>
Date: Mon May 22 09:27:36 2017 +0900
g10: Fix default-key selection for signing, possibly by card.
and
commit 97a2394ecafaa6f58e4a1f70ecfd04408dc15606
Author: NIIBE Yutaka <gniibe@fsij.org>
Date: Thu Apr 27 10:33:58 2017 +0900
g10: For signing, prefer available card key when no -u option.
Versions 2.1.21 and later have this problem. It will be fixed in the
forthcoming 2.2.6.
Invalid certifications can only be generated by GnuPG 2.1/2.2 with
smartcard, not by 2.0 or 1.4.
> Please adjust the affected versions in the BTS as needed. Can you
> clarify whether this also affects versions as far back as STABLE-BRANCH-1-4?
Checking for invalid certifications would be worthwhile for all branches of
GnuPG. As for the checking fix, I'm not that confident whether my proposed
fix gpg-CVE-2018-9234.diff at [0] is correct. Review is required.
[0] https://dev.gnupg.org/T3844
--
Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>: Bug#894983; Package src:gnupg2. (Fri, 06 Apr 2018 14:42:04 GMT)
Acknowledgement sent to Werner Koch <wk@gnupg.org>: Extra info received and forwarded to list. Copy sent to Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>. (Fri, 06 Apr 2018 14:42:04 GMT)
Message #15 received at 894983@bugs.debian.org:
On Thu, 5 Apr 2018 22:49, carnil@debian.org said:
> CVE-2018-9234[0]:
> | GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key
> | certification requires an offline master Certify key, which results in
> | apparently valid certifications that occurred only with access to a
> | signing subkey.
That is more a description of unspecified behaviour in OpenPGP. It is
not clear from the specs whether a subkey shall be able to certify a
userid or a subkey.
The problem with such a certification from a subkey is that you can't
evaluate it, due to a catch-22: the key usage flags are part of the
signature itself, and to check the signature you need to have the usage
flags. For the primary key this is not a problem because it implicitly
has certification usage.
We are currently testing a patch but are also considering disallowing
certification from subkeys altogether.
> Please adjust the affected versions in the BTS as needed. Can you
> clarify whether this also affects versions as far back as STABLE-BRANCH-1-4?
We won't do any large changes to 1.4 and may eventually remove smart card
support from 1.4; it is anyway very limited when not used with the 2.2
gpg-agent, and even then it does not support everything we have in 2.2.
Salam-Shalom,
Werner
p.s.
I am a bit wondering whether escalating this bug report
(https://dev.gnupg.org/T3844) via a CVE was a sensible strategy.
--
# Please read: Daniel Ellsberg - The Doomsday Machine #
Thoughts are free. Exceptions are governed by a federal law.
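The catch-22 Werner describes above (the usage flags live in the signatures, the primary key alone is certify-capable by definition) and the "invalid certifications" NIIBE refers to can be made concrete with a structural audit of a keyring. The following Python is an added example written for this page; it is not GnuPG's code and not the gpg-CVE-2018-9234.diff patch discussed at T3844. It parses a minimal RFC 4880 transferable public key (new-format packet headers and one/two-octet lengths only, v4 keys and signatures only), derives v4 key IDs, treats the primary key as implicitly certify-capable, grants a subkey certify capability only when a subkey binding signature issued by that primary carries the certify key flag (0x01), and reports every user-ID certification (signature types 0x10 to 0x13) whose issuer lacks that capability. It reads issuer and key-flags subpackets only and verifies no signature; the two keyblocks (Alice with a sign-only subkey, Bob carrying one certification from that subkey and one from Alice's primary key) are constructed dummy data, and all helper names are the example's own.

```python
"""Added example, not GnuPG code: report OpenPGP user-ID certifications whose
issuer is not certify-capable (e.g. a signing subkey, the CVE-2018-9234 case).
Structural check only: issuer and key-flag subpackets are read, no signature is
verified, and all key material below is constructed dummy data."""
import hashlib
import struct

TAG_SIG, TAG_PUBKEY, TAG_USERID, TAG_SUBKEY = 2, 6, 13, 14
CERT_TYPES, SUBKEY_BINDING = {0x10, 0x11, 0x12, 0x13}, 0x18
SP_CREATION, SP_ISSUER, SP_KEY_FLAGS, SP_ISSUER_FPR = 2, 16, 27, 33
FLAG_CERTIFY, FLAG_SIGN = 0x01, 0x02


def _length(buf, i):
    """RFC 4880 one- or two-octet length (new-format packets and subpackets)."""
    if buf[i] < 192:
        return buf[i], i + 1
    if buf[i] < 224:
        return ((buf[i] - 192) << 8) + buf[i + 1] + 192, i + 2
    raise ValueError("length form not handled in this example")


def parse_packets(data):
    """Yield (tag, body) for a stream of new-format packets."""
    i = 0
    while i < len(data):
        if (data[i] & 0xC0) != 0xC0:
            raise ValueError("only new-format packet headers handled")
        length, start = _length(data, i + 1)
        yield data[i] & 0x3F, data[start:start + length]
        i = start + length


def parse_subpackets(blob):
    """[(type, value)] of a signature subpacket area; critical bit stripped."""
    out, i = [], 0
    while i < len(blob):
        length, i = _length(blob, i)
        out.append((blob[i] & 0x7F, blob[i + 1:i + length]))
        i += length
    return out


def parse_signature(body):
    """(sig_type, hashed_subpackets, unhashed_subpackets) of a v4 signature body."""
    if body[0] != 4:
        raise ValueError("only v4 signatures handled")
    hlen = struct.unpack(">H", body[4:6])[0]
    ulen = struct.unpack(">H", body[6 + hlen:8 + hlen])[0]
    return body[1], parse_subpackets(body[6:6 + hlen]), parse_subpackets(body[8 + hlen:8 + hlen + ulen])


def issuer_of(hashed, unhashed):
    """Issuer key ID from the first v4 issuer-fingerprint or issuer-ID subpacket."""
    for t, v in hashed + unhashed:
        if (t == SP_ISSUER_FPR and len(v) == 21 and v[0] == 4) or (t == SP_ISSUER and len(v) == 8):
            return v[-8:]
    return None


def key_id_v4(key_body):
    """v4 fingerprint = SHA-1(0x99 || len || body); the key ID is its last 8 bytes."""
    fpr = hashlib.sha1(b"\x99" + struct.pack(">H", len(key_body)) + key_body).digest()
    return fpr, fpr[-8:]


def index_keys(keyblock):
    """key ID -> (role, may_certify). The primary certifies implicitly; a subkey only
    if a binding signature issued by that primary carries the certify key flag."""
    keys, primary, subkey = {}, None, None
    for tag, body in parse_packets(keyblock):
        if tag == TAG_PUBKEY:
            primary = key_id_v4(body)[1]
            keys[primary] = ("primary", True)
        elif tag == TAG_SUBKEY:
            subkey = key_id_v4(body)[1]
            keys[subkey] = ("subkey", False)          # fail closed until a binding says otherwise
        elif tag == TAG_SIG and subkey is not None:
            sig_type, hashed, unhashed = parse_signature(body)
            flags = dict(hashed).get(SP_KEY_FLAGS) or b"\x00"
            if sig_type == SUBKEY_BINDING and issuer_of(hashed, unhashed) == primary and (flags[0] & FLAG_CERTIFY):
                keys[subkey] = ("subkey", True)
    return keys


def audit_certifications(keyblocks):
    """[(user_id, issuer_hex, verdict)] for every user-ID certification in the keyring."""
    keyring = {}
    for kb in keyblocks:
        keyring.update(index_keys(kb))
    findings = []
    for kb in keyblocks:
        uid = None
        for tag, body in parse_packets(kb):
            if tag == TAG_USERID:
                uid = body.decode("utf-8", "replace")
            elif tag == TAG_SUBKEY:
                uid = None                            # later signatures bind the subkey, not a user ID
            elif tag == TAG_SIG and uid is not None:
                sig_type, hashed, unhashed = parse_signature(body)
                if sig_type in CERT_TYPES:
                    issuer = issuer_of(hashed, unhashed)
                    role, may_certify = keyring.get(issuer, ("unknown", False))
                    verdict = ("ok" if may_certify else "unknown issuer" if role == "unknown"
                               else "INVALID: issued by a %s without the certify flag" % role)
                    findings.append((uid, issuer.hex() if issuer else None, verdict))
    return findings


# --- constructed sample keyring: dummy RSA material, signature MPIs are not real ---
def encode_packet(tag, body):
    return bytes([0xC0 | tag, len(body)]) + body      # every body used here is < 192 bytes


def encode_subpacket(t, value):
    return bytes([len(value) + 1, t]) + value


def make_key_body(fill):
    """v4 RSA public-key body with a dummy 256-bit modulus (high bit set) and e = 65537."""
    return (b"\x04" + struct.pack(">I", 1523000000) + b"\x01"
            + struct.pack(">H", 256) + bytes([fill]) * 32 + struct.pack(">H", 17) + b"\x01\x00\x01")


def make_sig_body(sig_type, issuer_body, extra_hashed=b""):
    """v4 signature body naming the key in issuer_body as issuer; the MPI is a dummy."""
    fpr, kid = key_id_v4(issuer_body)
    hashed = encode_subpacket(SP_CREATION, struct.pack(">I", 1523000001)) + extra_hashed \
        + encode_subpacket(SP_ISSUER_FPR, b"\x04" + fpr)
    unhashed = encode_subpacket(SP_ISSUER, kid)
    return (b"\x04" + bytes([sig_type]) + b"\x01\x08" + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed + b"\x00\x00" + struct.pack(">H", 8) + b"\xff")


ALICE_PRIMARY, ALICE_SIGNSUB, BOB_PRIMARY = make_key_body(0xA1), make_key_body(0xB2), make_key_body(0xC3)
SAMPLE_KEYBLOCKS = [
    encode_packet(TAG_PUBKEY, ALICE_PRIMARY) + encode_packet(TAG_USERID, b"Alice <alice@example.org>")
    + encode_packet(TAG_SIG, make_sig_body(0x13, ALICE_PRIMARY))
    + encode_packet(TAG_SUBKEY, ALICE_SIGNSUB)          # sign-only subkey, as kept on a smartcard
    + encode_packet(TAG_SIG, make_sig_body(SUBKEY_BINDING, ALICE_PRIMARY,
                                           encode_subpacket(SP_KEY_FLAGS, bytes([FLAG_SIGN])))),
    encode_packet(TAG_PUBKEY, BOB_PRIMARY) + encode_packet(TAG_USERID, b"Bob <bob@example.org>")
    + encode_packet(TAG_SIG, make_sig_body(0x13, BOB_PRIMARY))
    + encode_packet(TAG_SIG, make_sig_body(0x10, ALICE_SIGNSUB))   # what an affected gpg produced
    + encode_packet(TAG_SIG, make_sig_body(0x10, ALICE_PRIMARY)),  # what a certify key produces
]

if __name__ == "__main__":
    for uid, issuer, verdict in audit_certifications(SAMPLE_KEYBLOCKS):
        print("%-26s issuer %s  %s" % (uid, issuer, verdict))
```

Run as a script, the certification on Bob's user ID issued by Alice's sign-only subkey is reported as INVALID while the one from her primary key passes. Because the issuer subpacket is unauthenticated until the signature itself is verified, this is an audit aid for finding certifications an affected gpg (2.1.21 and later with a smartcard, per NIIBE's message) may have emitted, not a replacement for GnuPG's own signature verification, which is where the real fix has to live.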
Marked as fixed in versions gnupg2/2.2.7-1. Request was from Daniel Kahn Gillmor <dkg@fifthhorseman.net> to control@bugs.debian.org. (Fri, 08 Jun 2018 23:03:06 GMT)
Marked Bug as done. Request was from Daniel Kahn Gillmor <dkg@fifthhorseman.net> to control@bugs.debian.org. (Fri, 08 Jun 2018 23:03:06 GMT)
Notification sent to Salvatore Bonaccorso <carnil@debian.org>: Bug acknowledged by developer. (Fri, 08 Jun 2018 23:03:07 GMT)
Message sent on to Salvatore Bonaccorso <carnil@debian.org>: Bug#894983. (Fri, 08 Jun 2018 23:03:08 GMT)
Message #24 received at 894983-submitter@bugs.debian.org:
close 894983 2.2.7-1
thanks
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 07 Jul 2018 07:30:47 GMT)
Last modified: Wed Jun 19 16:29:19 2019