Debian Bug report logs - #722722
CVE-2013-4351 gnupg: gpg treats no-usage-permitted keys as all-usages-permitted

version graph

Package: gnupg; Maintainer for gnupg is Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>; Source for gnupg is src:gnupg.

Reported by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Date: Fri, 13 Sep 2013 17:24:01 UTC

Severity: normal

Tags: patch, upstream

Found in version gnupg/1.4.14-1

Fixed in versions gnupg/1.4.15-1, gnupg/1.4.10-4+squeeze3, gnupg/1.4.12-7+deb7u2

Done: Thijs Kinkhorst <thijs@debian.org>

Bug is archived. No further changes may be made.

Forwarded to http://thread.gmane.org/gmane.comp.encryption.gpg.devel/17712/focus=18138

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, dkg@fifthhorseman.net, Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>:
Bug#722722; Package gnupg. (Fri, 13 Sep 2013 17:24:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Daniel Kahn Gillmor <dkg@fifthhorseman.net>:
New Bug report received and forwarded. Copy sent to dkg@fifthhorseman.net, Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>. (Fri, 13 Sep 2013 17:24:06 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: gnupg: gpg treats no-usage-permitted keys as all-usages-permitted
Date: Fri, 13 Sep 2013 13:20:35 -0400
[Message part 1 (text/plain, inline)]
Package: gnupg
Version: 1.4.14-1
Severity: normal
Tags: patch upstream
Control: -1 forwarded http://thread.gmane.org/gmane.comp.encryption.gpg.devel/17712/focus=18138

FC 4880 permits OpenPGP keyholders to mark their primary keys and
subkeys with a "key flags" packet that indicates the capabilities of the
key [0].  These are represented as a set of binary flags, including
things like "This key may be used to encrypt communications."

If a key or subkey has this "key flags" subpacket attached with all bits
cleared (off), GnuPG currently treats the key as having all bits set
(on).  While keys with this sort of marker are very rare in the wild,
GnuPG's misinterpretation of this subpacket could lead to a breach of
confidentiality or a mistaken identity verification.

Potential Confidentiality Breach
--------------------------------

For example, if Alice has a subkey X whose "key flags" subpacket has all
bits cleared (because she is using it for something not documented in
the spec, perhaps something experimental or risky), and Bob sends Alice
an e-mail encrypted using GnuPG, Bob may accidentally encrypt the
message to key X, depsite Alice having clearly stated that the key is
not to be used for encrypted communications.  If Alice's intended use of
X turns out to compromise the key itself somehow, then the attacker can
read Bob's otherwise confidential communication to Alice.

Potential Mistaken Identity Verification
----------------------------------------

Consider the scenario above, but where Bob is in general willing to rely
on OpenPGP certifications made by Alice.  The legitimate form of these
certifications are usually made by Alice's primary key, which is marked
as "certification-capable".  Because Bob's GnuPG misinterprets the usage
flags on subkey X, Bob may be able to be tricked into believing that
Alice has certified someone else's OpenPGP identity if an attacker
manages to coax Alice into using subkey X in a way that is replayable as
an OpenPGP certification.



These risks are unlikely today (there are very few certifications in the
wild with an all-zero key flags subpacket), and they are not
particularly dangerous (for a compromise to happen, there needs to also
be a cross-context abuse of the mis-classified key, which i do not have
a concrete example of).  But the keyholder's stated intent of separating
out keys by context of use is being ignored, so there is a window of
vulnerability that should not be open.

There is also a (maybe non-security) functionality issue here, in that
GnuPG may mis-use the user's own keys if they are marked as described
above (e.g. signing messages or certifying identities with a subkey that
is explicitly marked as not being for that purpose).


This has been fixed in the master branch already, but no fix is
available yet upstream for 1.4.x.

The attached patch should work for debian.

Regards,

        --dkg

[0] https://tools.ietf.org/html/rfc4880#section-5.2.3.21

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.11-rc4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages gnupg depends on:
ii  gpgv          1.4.14-1
ii  libbz2-1.0    1.0.6-5
ii  libc6         2.17-92+b1
ii  libreadline6  6.2+dfsg-0.1
ii  libusb-0.1-4  2:0.1.12-23.2
ii  zlib1g        1:1.2.8.dfsg-1

Versions of packages gnupg recommends:
ii  gnupg-curl     1.4.14-1
ii  libldap-2.4-2  2.4.31-1+nmu2+b1

Versions of packages gnupg suggests:
ii  eog           3.8.2-1
pn  gnupg-doc     <none>
ii  libpcsclite1  1.8.8-4
ii  xloadimage    4.1-21

-- debconf-show failed
[fix-empty-usage-flags.patch (text/x-diff, attachment)]

Set Bug forwarded-to-address to 'http://thread.gmane.org/gmane.comp.encryption.gpg.devel/17712/focus=18138'. Request was from Daniel Kahn Gillmor <dkg@fifthhorseman.net> to control@bugs.debian.org. (Fri, 13 Sep 2013 17:27:04 GMT) Full text and rfc822 format available.

Bug 722722 cloned as bug 722724 Request was from Daniel Kahn Gillmor <dkg@fifthhorseman.net> to control@bugs.debian.org. (Fri, 13 Sep 2013 17:36:05 GMT) Full text and rfc822 format available.

Changed Bug title to 'CVE-2013-4351 gnupg: gpg treats no-usage-permitted keys as all-usages-permitted' from 'gnupg: gpg treats no-usage-permitted keys as all-usages-permitted' Request was from Daniel Kahn Gillmor <dkg@fifthhorseman.net> to control@bugs.debian.org. (Fri, 13 Sep 2013 19:51:09 GMT) Full text and rfc822 format available.

Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Mon, 07 Oct 2013 21:18:05 GMT) Full text and rfc822 format available.

Notification sent to Daniel Kahn Gillmor <dkg@fifthhorseman.net>:
Bug acknowledged by developer. (Mon, 07 Oct 2013 21:18:05 GMT) Full text and rfc822 format available.

Message #16 received at 722722-done@bugs.debian.org (full text, mbox):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, 722722-done@bugs.debian.org
Subject: Re: Bug#722722: gnupg: gpg treats no-usage-permitted keys as all-usages-permitted
Date: Mon, 7 Oct 2013 23:15:07 +0200
Source: gnupg
Source-Version: 1.4.15-1

Hi Thijs,

This should also be fixed in 1.4.15-1, marking the bugreport.

Regards,
Salvatore



Reply sent to Thijs Kinkhorst <thijs@debian.org>:
You have taken responsibility. (Thu, 10 Oct 2013 22:21:09 GMT) Full text and rfc822 format available.

Notification sent to Daniel Kahn Gillmor <dkg@fifthhorseman.net>:
Bug acknowledged by developer. (Thu, 10 Oct 2013 22:21:09 GMT) Full text and rfc822 format available.

Message #21 received at 722722-close@bugs.debian.org (full text, mbox):

From: Thijs Kinkhorst <thijs@debian.org>
To: 722722-close@bugs.debian.org
Subject: Bug#722722: fixed in gnupg 1.4.10-4+squeeze3
Date: Thu, 10 Oct 2013 22:17:27 +0000
Source: gnupg
Source-Version: 1.4.10-4+squeeze3

We believe that the bug you reported is fixed in the latest version of
gnupg, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 722722@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <thijs@debian.org> (supplier of updated gnupg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 09 Oct 2013 18:14:40 +0200
Source: gnupg
Binary: gnupg gnupg-curl gpgv gnupg-udeb gpgv-udeb
Architecture: source amd64
Version: 1.4.10-4+squeeze3
Distribution: squeeze-security
Urgency: high
Maintainer: Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description: 
 gnupg      - GNU privacy guard - a free PGP replacement
 gnupg-curl - GNU privacy guard - a free PGP replacement (cURL)
 gnupg-udeb - GNU privacy guard - a free PGP replacement (udeb)
 gpgv       - GNU privacy guard - signature verification tool
 gpgv-udeb  - minimal signature verification tool (udeb)
Closes: 722722 725439
Changes: 
 gnupg (1.4.10-4+squeeze3) squeeze-security; urgency=high
 .
   * Apply upstream patch to fix infinite recursion in the
     compressed packet parser (CVE-2013-4402, closes: #725439).
   * Apply upstream patch to fix treating no-usage-permitted
     keys as all-usages-permitted (CVE-2013-4351, closes: #722722).
Checksums-Sha1: 
 64842f56f672015dbc932b3272fa9ebf70947e76 1915 gnupg_1.4.10-4+squeeze3.dsc
 1d26a751169135bcea5bf23331b5ed68a910f347 35706 gnupg_1.4.10-4+squeeze3.diff.gz
 b259d46ba8b7adeb4524e0bfee98f51db8f1a4d2 2144298 gnupg_1.4.10-4+squeeze3_amd64.deb
 35c8ec82215b77fd063187cee5c8e0bdce83a97e 74526 gnupg-curl_1.4.10-4+squeeze3_amd64.deb
 ba15b17046347a028f4d5da3299ccff8bc3d9908 221672 gpgv_1.4.10-4+squeeze3_amd64.deb
 a39aaafa3228f35a45ef9d58a6ce9801ff2e3666 413344 gnupg-udeb_1.4.10-4+squeeze3_amd64.udeb
 abf105030cb077da816c9b112a0837608e82f08c 149624 gpgv-udeb_1.4.10-4+squeeze3_amd64.udeb
Checksums-Sha256: 
 ec2c274074ef2655c7f834e02d680cbb6868d98d7efebef96552487eac844bb7 1915 gnupg_1.4.10-4+squeeze3.dsc
 ec896885507a3af22bba7bd333369f0e6576615a276d9a59e98d42214a6d44a5 35706 gnupg_1.4.10-4+squeeze3.diff.gz
 01279c7f7a49c40370f03f93ed1face5d865bfc564f92038f42032c264d1f32a 2144298 gnupg_1.4.10-4+squeeze3_amd64.deb
 5c44a483834094e98a9866c306422de37779cd3b5f25f544bbb38166ed4cdfeb 74526 gnupg-curl_1.4.10-4+squeeze3_amd64.deb
 0ac1b1f4b0652cf7c48ba758a9d72c3619b6694c5d38115484425b03d95e09ef 221672 gpgv_1.4.10-4+squeeze3_amd64.deb
 2c1106176a7a3e314ab048d3ba27df0f1f32d90a3ea93f0182f5210d8afdd12d 413344 gnupg-udeb_1.4.10-4+squeeze3_amd64.udeb
 766372077e73e05979193f422ea6cfeb53c0f2106cc876e53523582a26a50dcc 149624 gpgv-udeb_1.4.10-4+squeeze3_amd64.udeb
Files: 
 6a96b0ece3e6e5b6dd5cb365062cc2b1 1915 utils important gnupg_1.4.10-4+squeeze3.dsc
 27e296f9e6586e6b89da0d698d2b7b12 35706 utils important gnupg_1.4.10-4+squeeze3.diff.gz
 5f7f5da98bbacbfa054e6cfa4cec7a68 2144298 utils important gnupg_1.4.10-4+squeeze3_amd64.deb
 eb70a9c5daa5ab1a4754db45527db750 74526 utils optional gnupg-curl_1.4.10-4+squeeze3_amd64.deb
 d440e43f17ae80ccbfe1eb90cb0bc640 221672 utils important gpgv_1.4.10-4+squeeze3_amd64.deb
 6bf010ecd6c1373fcff118bca6e36db3 413344 debian-installer extra gnupg-udeb_1.4.10-4+squeeze3_amd64.udeb
 4fec63b76878f67bed49518739ce6628 149624 debian-installer extra gpgv-udeb_1.4.10-4+squeeze3_amd64.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJSVYRLAAoJEFb2GnlAHawEAt0H/2R5PY3iUU5qoEsVzdEARrbZ
kv0OBF5N8SPQxr4hlGiMyH/4DYTzRNppHYZSR0/eh+hqtpkXb1czFhcJ57EpchPm
NaRZIgyHlrFYAQtbRJnA29ZXtxrNz/kjyrfBzLAkgUCQ18SPI3ZPS/yA5SEySiB5
C7wwK/Elr6MdZhvbdz2W3CZRvdcwlgVGqSmAdz1RAp3kY82rijI0JuVC63+QafR+
cCMP+shMRuGsAY91kOorr0eKyIVNkNzGT3A+/HB3EIiptBrtYgfW07ff82EM8szS
cF+F+gKpTffuu17Oxsy/5x0cmO2F+e8a9y8egS09TLrG/jeb+kSp9lXaEeW9JXQ=
=MMMW
-----END PGP SIGNATURE-----




Reply sent to Thijs Kinkhorst <thijs@debian.org>:
You have taken responsibility. (Sat, 12 Oct 2013 19:57:34 GMT) Full text and rfc822 format available.

Notification sent to Daniel Kahn Gillmor <dkg@fifthhorseman.net>:
Bug acknowledged by developer. (Sat, 12 Oct 2013 19:57:34 GMT) Full text and rfc822 format available.

Message #26 received at 722722-close@bugs.debian.org (full text, mbox):

From: Thijs Kinkhorst <thijs@debian.org>
To: 722722-close@bugs.debian.org
Subject: Bug#722722: fixed in gnupg 1.4.12-7+deb7u2
Date: Sat, 12 Oct 2013 19:53:50 +0000
Source: gnupg
Source-Version: 1.4.12-7+deb7u2

We believe that the bug you reported is fixed in the latest version of
gnupg, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 722722@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <thijs@debian.org> (supplier of updated gnupg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 09 Oct 2013 17:26:36 +0200
Source: gnupg
Binary: gnupg gnupg-curl gpgv gnupg-udeb gpgv-udeb gpgv-win32
Architecture: source all amd64
Version: 1.4.12-7+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description: 
 gnupg      - GNU privacy guard - a free PGP replacement
 gnupg-curl - GNU privacy guard - a free PGP replacement (cURL)
 gnupg-udeb - GNU privacy guard - a free PGP replacement (udeb)
 gpgv       - GNU privacy guard - signature verification tool
 gpgv-udeb  - minimal signature verification tool (udeb)
 gpgv-win32 - GNU privacy guard - signature verification tool (win32 build)
Closes: 722722 725439
Changes: 
 gnupg (1.4.12-7+deb7u2) wheezy-security; urgency=high
 .
   * Apply upstream patch to fix infinite recursion in the
     compressed packet parser (CVE-2013-4402, closes: #725439).
   * Apply upstream patch to fix treating no-usage-permitted
     keys as all-usages-permitted (CVE-2013-4351, closes: #722722).
Checksums-Sha1: 
 690019bb6af5f0b7d5a69758403031d0fcf99070 1990 gnupg_1.4.12-7+deb7u2.dsc
 c4a7d7bfeaca07886da18caecc3ea47f4e473838 98415 gnupg_1.4.12-7+deb7u2.debian.tar.gz
 18991e623068c11a149659326f4de12fa7e9c481 613792 gpgv-win32_1.4.12-7+deb7u2_all.deb
 d83385fee1bf8aeb5805a5ff9d9749504871e648 1952650 gnupg_1.4.12-7+deb7u2_amd64.deb
 cad77f5f88056d927545b6d66ecb9f4852d48740 63406 gnupg-curl_1.4.12-7+deb7u2_amd64.deb
 734140fdaef210c58caaed90e0b8997029fa026f 226290 gpgv_1.4.12-7+deb7u2_amd64.deb
 d40376efc2387d3566867a0d1e6f9ceea91e713a 352978 gnupg-udeb_1.4.12-7+deb7u2_amd64.udeb
 0da000e1b114c7e66d0684791fabb269cf2d1d64 129652 gpgv-udeb_1.4.12-7+deb7u2_amd64.udeb
Checksums-Sha256: 
 3698fcabe713d4b812c56298f9f5c2613ca60b85779e28caa708bf5bc9bedffb 1990 gnupg_1.4.12-7+deb7u2.dsc
 7c300cbeee85144676f2858a8038e90c2a793f5cd95c01786c4221cd25961b18 98415 gnupg_1.4.12-7+deb7u2.debian.tar.gz
 1c77b3671387484891128e9c82668d5cb9bd1f1a6e1ac6cc89b11e19c59dc721 613792 gpgv-win32_1.4.12-7+deb7u2_all.deb
 c49614066b2be381ee7b51594d7ae235e560c43fc3afd2a45eda17edb053d2d5 1952650 gnupg_1.4.12-7+deb7u2_amd64.deb
 e6b8013f9280e6b35eaa93b4f03d7f009b39392c4a79ef1704852cfa3770e95f 63406 gnupg-curl_1.4.12-7+deb7u2_amd64.deb
 cc9db8ba4a4ce6df388c5a9bf6c17ddf03c9f9068582c1daacd6e47138cbb10e 226290 gpgv_1.4.12-7+deb7u2_amd64.deb
 87a368d4ddf4257dd3abccdd27b23e4990606e26eb12b78b363f840ea0aa16da 352978 gnupg-udeb_1.4.12-7+deb7u2_amd64.udeb
 57dd7ca4cdf84fb7a4fa5d65566301592a99fe07d35c6c0587f06eb751707fd1 129652 gpgv-udeb_1.4.12-7+deb7u2_amd64.udeb
Files: 
 53b2da7ba7667bb4d360530d03adf8cf 1990 utils important gnupg_1.4.12-7+deb7u2.dsc
 6283ca4c8c75c6091bb6a6c3af98ee14 98415 utils important gnupg_1.4.12-7+deb7u2.debian.tar.gz
 d528e9d85f670b6735d88357c5e6088d 613792 utils extra gpgv-win32_1.4.12-7+deb7u2_all.deb
 018630966bb3a22fc1831290725755e2 1952650 utils important gnupg_1.4.12-7+deb7u2_amd64.deb
 52773d5fd773df9f22febfbf4794a33d 63406 utils optional gnupg-curl_1.4.12-7+deb7u2_amd64.deb
 705e339ef1940d502e6dcdf37afd0aa9 226290 utils important gpgv_1.4.12-7+deb7u2_amd64.deb
 dbdd8f02178f30bd3400cd2cdf026b69 352978 debian-installer extra gnupg-udeb_1.4.12-7+deb7u2_amd64.udeb
 a7ab7893100b9dcfaf74869e42826e69 129652 debian-installer extra gpgv-udeb_1.4.12-7+deb7u2_amd64.udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQEcBAEBAgAGBQJSVX3dAAoJEFb2GnlAHawE5CYH/Rm7+oQUqIPWXn/uQcIFUtoZ
lswpZFjLlfW2qwermrQAAH300zzu4workY0LBGnuYFkwWqHGFmiXCVvOswYIV502
ytfiLYLAVOlHrk1zL3PRVIO3HkGlIQnApE/ZQyRftcNmHs3DkK8/y/1B7u2hz7p/
9gTZsbW3iazAR9Lrd+c72yaWm74z/6nPmScCYtG3yQuHHs6QspAXXwc9hT7YJ0ne
vc+NS3BlFiLAO2WWQ1X9yNtHCJbVMTpTIRx54vUsu6GuIUDBE7u/+6SESKSL6G6Z
p2UNWV0dJQcAFK8hSEL77vWBzCbwHaVyEH+hwvumJg9jQhD7sEopyJtqA864SC0=
=uAb0
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 10 Nov 2013 07:30:20 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 24 15:55:19 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.