mainproc.c in GnuPG prior to 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote malicious users to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.
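An added example (not code from GnuPG or from the advisory) showing why a program that parses status lines from file descriptor 2 can be misled, and how a separate status descriptor lets the same text be ignored and flagged instead. All sample text is constructed; the diagnostic line wording, key ID and signer name are assumptions.

```python
STATUS_PREFIX = "[GNUPG:] "
SIG_OK = {"GOODSIG", "VALIDSIG"}

# Constructed diagnostic text: an "original filename" that carries a line feed
# followed by a status-looking line. The "gpg: original file name=" wording,
# the key ID and the signer name are assumptions made for illustration.
STDERR_TEXT = (
    "gpg: original file name='notes.txt\n"
    "[GNUPG:] GOODSIG 0000000000000000 Constructed Signer\n"
    "'\n"
)

# Constructed genuine status output for a decryption that carried no signature.
STATUS_LINES = [
    "[GNUPG:] BEGIN_DECRYPTION\n",
    "[GNUPG:] DECRYPTION_OKAY\n",
    "[GNUPG:] END_DECRYPTION\n",
]
STATUS_TEXT = "".join(STATUS_LINES)

# What a consumer of "--status-fd 2" reads: diagnostics and status interleaved.
MERGED_FD2 = STATUS_LINES[0] + STDERR_TEXT + "".join(STATUS_LINES[1:])


def status_keywords(text):
    """Return the keyword of every line that starts with the status prefix."""
    words = []
    # Split on "\n" only; str.splitlines() would also break on \r, \x0b, etc.
    for line in text.split("\n"):
        if line.startswith(STATUS_PREFIX):
            fields = line[len(STATUS_PREFIX):].split()
            if fields:
                words.append(fields[0])
    return words


def signature_accepted(status_text):
    """True if the given stream reports GOODSIG or VALIDSIG."""
    return any(word in SIG_OK for word in status_keywords(status_text))


def injected_status_lines(diagnostic_text):
    """Status-prefixed lines found in the diagnostic stream. With status on its
    own descriptor these are never legitimate, so each one merits an alert."""
    return [line for line in diagnostic_text.split("\n")
            if line.startswith(STATUS_PREFIX)]
```

Parsing `MERGED_FD2` reports a good signature that the genuine status stream never contained; parsing `STATUS_TEXT` alone does not, and `injected_status_lines(STDERR_TEXT)` surfaces the spoofed line for logging.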
Vulnerable Product |
---|
redhat enterprise linux server aus 7.6 |
redhat enterprise linux server eus 7.5 |
redhat enterprise linux server eus 7.6 |
redhat enterprise linux server tus 7.6 |
redhat enterprise linux desktop 6.0 |
redhat enterprise linux server 6.0 |
redhat enterprise linux workstation 6.0 |
redhat enterprise linux server 7.0 |
redhat enterprise linux desktop 7.0 |
redhat enterprise linux workstation 7.0 |
canonical ubuntu linux 18.10 |
canonical ubuntu linux 12.04 |
canonical ubuntu linux 16.04 |
canonical ubuntu linux 18.04 |
canonical ubuntu linux 17.10 |
canonical ubuntu linux 19.04 |
canonical ubuntu linux 14.04 |
debian debian linux 8.0 |
debian debian linux 9.0 |
gnupg gnupg |
Missing input sanitisation fixed after hacker spat
If you're a developer relying on GnuPG, check upstream for an update that plugs an input sanitisation bug. The short version, given in CVE-2018-12020, is that mainproc.c mishandles the filename, and as a result, an attacker can spoof the output it sends to other programs. “For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes”, the Mitre advisory states. GnuPG maintainer Werner Koch explained...