Re: GnuPG 1.4.12 and lower - memory access errors and keyring database corruption

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/01/2013 12:22 AM, Kurt Seifried wrote:
> On 12/28/2012 06:06 PM, KB Sriram wrote:
> > Versions of GnuPG <= 1.4.12 are vulnerable to memory access
> > violations and public keyring database corruption when importing
> > public keys that have been manipulated.
>
> > An OpenPGP key can be fuzzed in such a way that gpg segfaults (or
> > has other memory access violations) when importing the key.
>
> > The key may also be fuzzed such that gpg reports no errors when 
> > examining the key (eg: "gpg the_bad_key.pkr") but importing it
> > causes gpg to corrupt its public keyring database.
>
> > The database corruption issue was first reported on Dec 6th,
> > through the gpg bug tracking system:
>
> > https://bugs.g10code.com/gnupg/issue1455
>
> > The subsequent memory access violation was discovered and reported
> > in a private email with the maintainer on Dec 20th.
>
> > A zip file with keys that causes segfaults and other errors is 
> > available at
> > http://dl.dropbox.com/u/18852638/gnupg-issues/1455.zip and includes
> > a log file that demonstrates the issues [on MacOS X and gpg
> > 1.4.11]
>
> > A new version of gpg -- 1.4.13 -- that addressed both these issues,
> > was independently released by the maintainer on Dec 20th.
>
> > The simplest solution is to upgrade all gpg installs to 1.4.13.
>
> > [Workarounds: A corrupted database may be recovered by manually 
> > copying back the pubring.gpg~ backup file. Certain errors may also
> > be prevented by never directly importing a key, but first just
> > "looking" at the key (eg: "gpg bad_key.pkr"). However, this is not
> > guaranteed to work in all cases; though upgrading to 1.4.13 does
> > work for the issues reported.]
>
> > Discovery:
>
> > The problem was discovered during a byte-fuzzing test of OpenPGP 
> > certificates for an unrelated application. Each byte in turn was 
> > replaced by a random byte, and the modified certificate fed to the 
> > application to check that it handled errors correctly. Gpg was used
> > as a control, but it itself turned out to have errors related to
> > packet parsing. The errors are generally triggered when fuzzing the
> > length field of OpenPGP packets, which cascades into subsequent
> > errors in certain situations.
>
> > -kb
>
> Has this been assigned a CVE identifier yet?

Spoke with upstream, confirmed things. Please use CVE-2012-6085 for this
issue.



- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQ43AsAAoJEBYNRVNeJnmTWBkP/2+7T2S3n6KOc0VQjcDlK9Yo
kUauilVJcH9QKZW28JHGzQnNUV/jf8csjtGsWBawVi7ofrlNNbNLRXTBe3OqEaxM
ltLB0049NjMQ4sdf9agur3t7kXFJkRarMQZ+DGnlQAYClZggEsztWhwMCOozMiay
/NuJsUQvlAtzRcRYZEyI0P3R5ecfsu0JHJuf9on/bc4hXgl4A6kl02IGaaZi69hU
faYdeGXRKjDKWp7fsLdWXVO4S43+QV2VKADdkxC5+fef9b1lHH6cHhobsZCb8ZCl
pVx19tF/jid7Lz3QyLeaJNuKsu/H65/xJvnhUTdUr3viqo3cArudNNhkb2Fu+8u8
Y03M1w6jdMpO2ENNjgrlrlgLZ4zCk/A8enK61DJnll7oIhVGbn58K0AVSmfcPJtN
V+JklmvbEwJwxlOw9MxWkJ6nuQrXaFJRB5ruQnuvLneEWHsfPYlJMUpUmtmg3VWe
4gbFn774VplIxLuo3wHDwPdaWT7piMvBZLdHvLvRyfx7yBY9zphFsW4zQvZH2hGa
jMpUj2g8mR2Tw03REXrvgj+GNqMKy516d1YbVm8Y8//TCHMYt8EWeXHJ4COS/9WO
rKxEBi8kpL/rc5VFOD+76S3Skp2jgYAql9BTbBp4DoJd7jtT8boRYjJFWWzpiwxi
isKwpf/bS3MC+ZxHKTNe
=zCWo
-----END PGP SIGNATURE-----