Debian Bug report logs -
#722722
CVE-2013-4351 gnupg: gpg treats no-usage-permitted keys as all-usages-permitted
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, dkg@fifthhorseman.net, Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>:
Bug#722722; Package gnupg.
(Fri, 13 Sep 2013 17:24:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Daniel Kahn Gillmor <dkg@fifthhorseman.net>:
New Bug report received and forwarded. Copy sent to dkg@fifthhorseman.net, Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>.
(Fri, 13 Sep 2013 17:24:06 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: gnupg
Version: 1.4.14-1
Severity: normal
Tags: patch upstream
Control: -1 forwarded http://thread.gmane.org/gmane.comp.encryption.gpg.devel/17712/focus=18138
FC 4880 permits OpenPGP keyholders to mark their primary keys and
subkeys with a "key flags" packet that indicates the capabilities of the
key [0]. These are represented as a set of binary flags, including
things like "This key may be used to encrypt communications."
If a key or subkey has this "key flags" subpacket attached with all bits
cleared (off), GnuPG currently treats the key as having all bits set
(on). While keys with this sort of marker are very rare in the wild,
GnuPG's misinterpretation of this subpacket could lead to a breach of
confidentiality or a mistaken identity verification.
Potential Confidentiality Breach
--------------------------------
For example, if Alice has a subkey X whose "key flags" subpacket has all
bits cleared (because she is using it for something not documented in
the spec, perhaps something experimental or risky), and Bob sends Alice
an e-mail encrypted using GnuPG, Bob may accidentally encrypt the
message to key X, depsite Alice having clearly stated that the key is
not to be used for encrypted communications. If Alice's intended use of
X turns out to compromise the key itself somehow, then the attacker can
read Bob's otherwise confidential communication to Alice.
Potential Mistaken Identity Verification
----------------------------------------
Consider the scenario above, but where Bob is in general willing to rely
on OpenPGP certifications made by Alice. The legitimate form of these
certifications are usually made by Alice's primary key, which is marked
as "certification-capable". Because Bob's GnuPG misinterprets the usage
flags on subkey X, Bob may be able to be tricked into believing that
Alice has certified someone else's OpenPGP identity if an attacker
manages to coax Alice into using subkey X in a way that is replayable as
an OpenPGP certification.
These risks are unlikely today (there are very few certifications in the
wild with an all-zero key flags subpacket), and they are not
particularly dangerous (for a compromise to happen, there needs to also
be a cross-context abuse of the mis-classified key, which i do not have
a concrete example of). But the keyholder's stated intent of separating
out keys by context of use is being ignored, so there is a window of
vulnerability that should not be open.
There is also a (maybe non-security) functionality issue here, in that
GnuPG may mis-use the user's own keys if they are marked as described
above (e.g. signing messages or certifying identities with a subkey that
is explicitly marked as not being for that purpose).
This has been fixed in the master branch already, but no fix is
available yet upstream for 1.4.x.
The attached patch should work for debian.
Regards,
--dkg
[0] https://tools.ietf.org/html/rfc4880#section-5.2.3.21
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.11-rc4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages gnupg depends on:
ii gpgv 1.4.14-1
ii libbz2-1.0 1.0.6-5
ii libc6 2.17-92+b1
ii libreadline6 6.2+dfsg-0.1
ii libusb-0.1-4 2:0.1.12-23.2
ii zlib1g 1:1.2.8.dfsg-1
Versions of packages gnupg recommends:
ii gnupg-curl 1.4.14-1
ii libldap-2.4-2 2.4.31-1+nmu2+b1
Versions of packages gnupg suggests:
ii eog 3.8.2-1
pn gnupg-doc <none>
ii libpcsclite1 1.8.8-4
ii xloadimage 4.1-21
-- debconf-show failed
[fix-empty-usage-flags.patch (text/x-diff, attachment)]
Bug 722722 cloned as bug 722724
Request was from Daniel Kahn Gillmor <dkg@fifthhorseman.net>
to control@bugs.debian.org.
(Fri, 13 Sep 2013 17:36:05 GMT) (full text, mbox, link).
Changed Bug title to 'CVE-2013-4351 gnupg: gpg treats no-usage-permitted keys as all-usages-permitted' from 'gnupg: gpg treats no-usage-permitted keys as all-usages-permitted'
Request was from Daniel Kahn Gillmor <dkg@fifthhorseman.net>
to control@bugs.debian.org.
(Fri, 13 Sep 2013 19:51:09 GMT) (full text, mbox, link).
Reply sent
to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility.
(Mon, 07 Oct 2013 21:18:05 GMT) (full text, mbox, link).
Notification sent
to Daniel Kahn Gillmor <dkg@fifthhorseman.net>:
Bug acknowledged by developer.
(Mon, 07 Oct 2013 21:18:05 GMT) (full text, mbox, link).
Message #16 received at 722722-done@bugs.debian.org (full text, mbox, reply):
Source: gnupg
Source-Version: 1.4.15-1
Hi Thijs,
This should also be fixed in 1.4.15-1, marking the bugreport.
Regards,
Salvatore
Reply sent
to Thijs Kinkhorst <thijs@debian.org>:
You have taken responsibility.
(Thu, 10 Oct 2013 22:21:09 GMT) (full text, mbox, link).
Notification sent
to Daniel Kahn Gillmor <dkg@fifthhorseman.net>:
Bug acknowledged by developer.
(Thu, 10 Oct 2013 22:21:09 GMT) (full text, mbox, link).
Message #21 received at 722722-close@bugs.debian.org (full text, mbox, reply):
Source: gnupg
Source-Version: 1.4.10-4+squeeze3
We believe that the bug you reported is fixed in the latest version of
gnupg, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 722722@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thijs Kinkhorst <thijs@debian.org> (supplier of updated gnupg package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 09 Oct 2013 18:14:40 +0200
Source: gnupg
Binary: gnupg gnupg-curl gpgv gnupg-udeb gpgv-udeb
Architecture: source amd64
Version: 1.4.10-4+squeeze3
Distribution: squeeze-security
Urgency: high
Maintainer: Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description:
gnupg - GNU privacy guard - a free PGP replacement
gnupg-curl - GNU privacy guard - a free PGP replacement (cURL)
gnupg-udeb - GNU privacy guard - a free PGP replacement (udeb)
gpgv - GNU privacy guard - signature verification tool
gpgv-udeb - minimal signature verification tool (udeb)
Closes: 722722 725439
Changes:
gnupg (1.4.10-4+squeeze3) squeeze-security; urgency=high
.
* Apply upstream patch to fix infinite recursion in the
compressed packet parser (CVE-2013-4402, closes: #725439).
* Apply upstream patch to fix treating no-usage-permitted
keys as all-usages-permitted (CVE-2013-4351, closes: #722722).
Checksums-Sha1:
64842f56f672015dbc932b3272fa9ebf70947e76 1915 gnupg_1.4.10-4+squeeze3.dsc
1d26a751169135bcea5bf23331b5ed68a910f347 35706 gnupg_1.4.10-4+squeeze3.diff.gz
b259d46ba8b7adeb4524e0bfee98f51db8f1a4d2 2144298 gnupg_1.4.10-4+squeeze3_amd64.deb
35c8ec82215b77fd063187cee5c8e0bdce83a97e 74526 gnupg-curl_1.4.10-4+squeeze3_amd64.deb
ba15b17046347a028f4d5da3299ccff8bc3d9908 221672 gpgv_1.4.10-4+squeeze3_amd64.deb
a39aaafa3228f35a45ef9d58a6ce9801ff2e3666 413344 gnupg-udeb_1.4.10-4+squeeze3_amd64.udeb
abf105030cb077da816c9b112a0837608e82f08c 149624 gpgv-udeb_1.4.10-4+squeeze3_amd64.udeb
Checksums-Sha256:
ec2c274074ef2655c7f834e02d680cbb6868d98d7efebef96552487eac844bb7 1915 gnupg_1.4.10-4+squeeze3.dsc
ec896885507a3af22bba7bd333369f0e6576615a276d9a59e98d42214a6d44a5 35706 gnupg_1.4.10-4+squeeze3.diff.gz
01279c7f7a49c40370f03f93ed1face5d865bfc564f92038f42032c264d1f32a 2144298 gnupg_1.4.10-4+squeeze3_amd64.deb
5c44a483834094e98a9866c306422de37779cd3b5f25f544bbb38166ed4cdfeb 74526 gnupg-curl_1.4.10-4+squeeze3_amd64.deb
0ac1b1f4b0652cf7c48ba758a9d72c3619b6694c5d38115484425b03d95e09ef 221672 gpgv_1.4.10-4+squeeze3_amd64.deb
2c1106176a7a3e314ab048d3ba27df0f1f32d90a3ea93f0182f5210d8afdd12d 413344 gnupg-udeb_1.4.10-4+squeeze3_amd64.udeb
766372077e73e05979193f422ea6cfeb53c0f2106cc876e53523582a26a50dcc 149624 gpgv-udeb_1.4.10-4+squeeze3_amd64.udeb
Files:
6a96b0ece3e6e5b6dd5cb365062cc2b1 1915 utils important gnupg_1.4.10-4+squeeze3.dsc
27e296f9e6586e6b89da0d698d2b7b12 35706 utils important gnupg_1.4.10-4+squeeze3.diff.gz
5f7f5da98bbacbfa054e6cfa4cec7a68 2144298 utils important gnupg_1.4.10-4+squeeze3_amd64.deb
eb70a9c5daa5ab1a4754db45527db750 74526 utils optional gnupg-curl_1.4.10-4+squeeze3_amd64.deb
d440e43f17ae80ccbfe1eb90cb0bc640 221672 utils important gpgv_1.4.10-4+squeeze3_amd64.deb
6bf010ecd6c1373fcff118bca6e36db3 413344 debian-installer extra gnupg-udeb_1.4.10-4+squeeze3_amd64.udeb
4fec63b76878f67bed49518739ce6628 149624 debian-installer extra gpgv-udeb_1.4.10-4+squeeze3_amd64.udeb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAEBAgAGBQJSVYRLAAoJEFb2GnlAHawEAt0H/2R5PY3iUU5qoEsVzdEARrbZ
kv0OBF5N8SPQxr4hlGiMyH/4DYTzRNppHYZSR0/eh+hqtpkXb1czFhcJ57EpchPm
NaRZIgyHlrFYAQtbRJnA29ZXtxrNz/kjyrfBzLAkgUCQ18SPI3ZPS/yA5SEySiB5
C7wwK/Elr6MdZhvbdz2W3CZRvdcwlgVGqSmAdz1RAp3kY82rijI0JuVC63+QafR+
cCMP+shMRuGsAY91kOorr0eKyIVNkNzGT3A+/HB3EIiptBrtYgfW07ff82EM8szS
cF+F+gKpTffuu17Oxsy/5x0cmO2F+e8a9y8egS09TLrG/jeb+kSp9lXaEeW9JXQ=
=MMMW
-----END PGP SIGNATURE-----
Reply sent
to Thijs Kinkhorst <thijs@debian.org>:
You have taken responsibility.
(Sat, 12 Oct 2013 19:57:34 GMT) (full text, mbox, link).
Notification sent
to Daniel Kahn Gillmor <dkg@fifthhorseman.net>:
Bug acknowledged by developer.
(Sat, 12 Oct 2013 19:57:34 GMT) (full text, mbox, link).
Message #26 received at 722722-close@bugs.debian.org (full text, mbox, reply):
Source: gnupg
Source-Version: 1.4.12-7+deb7u2
We believe that the bug you reported is fixed in the latest version of
gnupg, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 722722@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thijs Kinkhorst <thijs@debian.org> (supplier of updated gnupg package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 09 Oct 2013 17:26:36 +0200
Source: gnupg
Binary: gnupg gnupg-curl gpgv gnupg-udeb gpgv-udeb gpgv-win32
Architecture: source all amd64
Version: 1.4.12-7+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description:
gnupg - GNU privacy guard - a free PGP replacement
gnupg-curl - GNU privacy guard - a free PGP replacement (cURL)
gnupg-udeb - GNU privacy guard - a free PGP replacement (udeb)
gpgv - GNU privacy guard - signature verification tool
gpgv-udeb - minimal signature verification tool (udeb)
gpgv-win32 - GNU privacy guard - signature verification tool (win32 build)
Closes: 722722 725439
Changes:
gnupg (1.4.12-7+deb7u2) wheezy-security; urgency=high
.
* Apply upstream patch to fix infinite recursion in the
compressed packet parser (CVE-2013-4402, closes: #725439).
* Apply upstream patch to fix treating no-usage-permitted
keys as all-usages-permitted (CVE-2013-4351, closes: #722722).
Checksums-Sha1:
690019bb6af5f0b7d5a69758403031d0fcf99070 1990 gnupg_1.4.12-7+deb7u2.dsc
c4a7d7bfeaca07886da18caecc3ea47f4e473838 98415 gnupg_1.4.12-7+deb7u2.debian.tar.gz
18991e623068c11a149659326f4de12fa7e9c481 613792 gpgv-win32_1.4.12-7+deb7u2_all.deb
d83385fee1bf8aeb5805a5ff9d9749504871e648 1952650 gnupg_1.4.12-7+deb7u2_amd64.deb
cad77f5f88056d927545b6d66ecb9f4852d48740 63406 gnupg-curl_1.4.12-7+deb7u2_amd64.deb
734140fdaef210c58caaed90e0b8997029fa026f 226290 gpgv_1.4.12-7+deb7u2_amd64.deb
d40376efc2387d3566867a0d1e6f9ceea91e713a 352978 gnupg-udeb_1.4.12-7+deb7u2_amd64.udeb
0da000e1b114c7e66d0684791fabb269cf2d1d64 129652 gpgv-udeb_1.4.12-7+deb7u2_amd64.udeb
Checksums-Sha256:
3698fcabe713d4b812c56298f9f5c2613ca60b85779e28caa708bf5bc9bedffb 1990 gnupg_1.4.12-7+deb7u2.dsc
7c300cbeee85144676f2858a8038e90c2a793f5cd95c01786c4221cd25961b18 98415 gnupg_1.4.12-7+deb7u2.debian.tar.gz
1c77b3671387484891128e9c82668d5cb9bd1f1a6e1ac6cc89b11e19c59dc721 613792 gpgv-win32_1.4.12-7+deb7u2_all.deb
c49614066b2be381ee7b51594d7ae235e560c43fc3afd2a45eda17edb053d2d5 1952650 gnupg_1.4.12-7+deb7u2_amd64.deb
e6b8013f9280e6b35eaa93b4f03d7f009b39392c4a79ef1704852cfa3770e95f 63406 gnupg-curl_1.4.12-7+deb7u2_amd64.deb
cc9db8ba4a4ce6df388c5a9bf6c17ddf03c9f9068582c1daacd6e47138cbb10e 226290 gpgv_1.4.12-7+deb7u2_amd64.deb
87a368d4ddf4257dd3abccdd27b23e4990606e26eb12b78b363f840ea0aa16da 352978 gnupg-udeb_1.4.12-7+deb7u2_amd64.udeb
57dd7ca4cdf84fb7a4fa5d65566301592a99fe07d35c6c0587f06eb751707fd1 129652 gpgv-udeb_1.4.12-7+deb7u2_amd64.udeb
Files:
53b2da7ba7667bb4d360530d03adf8cf 1990 utils important gnupg_1.4.12-7+deb7u2.dsc
6283ca4c8c75c6091bb6a6c3af98ee14 98415 utils important gnupg_1.4.12-7+deb7u2.debian.tar.gz
d528e9d85f670b6735d88357c5e6088d 613792 utils extra gpgv-win32_1.4.12-7+deb7u2_all.deb
018630966bb3a22fc1831290725755e2 1952650 utils important gnupg_1.4.12-7+deb7u2_amd64.deb
52773d5fd773df9f22febfbf4794a33d 63406 utils optional gnupg-curl_1.4.12-7+deb7u2_amd64.deb
705e339ef1940d502e6dcdf37afd0aa9 226290 utils important gpgv_1.4.12-7+deb7u2_amd64.deb
dbdd8f02178f30bd3400cd2cdf026b69 352978 debian-installer extra gnupg-udeb_1.4.12-7+deb7u2_amd64.udeb
a7ab7893100b9dcfaf74869e42826e69 129652 debian-installer extra gpgv-udeb_1.4.12-7+deb7u2_amd64.udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
iQEcBAEBAgAGBQJSVX3dAAoJEFb2GnlAHawE5CYH/Rm7+oQUqIPWXn/uQcIFUtoZ
lswpZFjLlfW2qwermrQAAH300zzu4workY0LBGnuYFkwWqHGFmiXCVvOswYIV502
ytfiLYLAVOlHrk1zL3PRVIO3HkGlIQnApE/ZQyRftcNmHs3DkK8/y/1B7u2hz7p/
9gTZsbW3iazAR9Lrd+c72yaWm74z/6nPmScCYtG3yQuHHs6QspAXXwc9hT7YJ0ne
vc+NS3BlFiLAO2WWQ1X9yNtHCJbVMTpTIRx54vUsu6GuIUDBE7u/+6SESKSL6G6Z
p2UNWV0dJQcAFK8hSEL77vWBzCbwHaVyEH+hwvumJg9jQhD7sEopyJtqA864SC0=
=uAb0
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 10 Nov 2013 07:30:20 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 12:56:16 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon