Bug 840510 - (CVE-2013-4351) VUL-0: CVE-2013-4351: gpg2: GnuPG treats no-usage-permitted keys as all-usages-permitted
(CVE-2013-4351)
VUL-0: CVE-2013-4351: gpg2: GnuPG treats no-usage-permitted keys as all-usage...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Minor
: ---
Assigned To: Security Team bot
Security Team bot
maint:released:sle11-sp1:54675 maint:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-09-16 09:01 UTC by Alexander Bergmann
Modified: 2014-06-03 23:05 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
testkey.asc (2.61 KB, text/plain)
2014-05-27 11:25 UTC, Marcus Meissner
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2013-09-16 09:01:21 UTC
Public via oss-security.

Date: Fri, 13 Sep 2013 02:32:47 -0400
From: Daniel Kahn Gillmor
Subject: [oss-security] GnuPG treats no-usage-permitted keys as all-usages-permitted

RFC 4880 permits OpenPGP keyholders to mark their primary keys and
subkeys with a "key flags" packet that indicates the capabilities of the
key [0].  These are represented as a set of binary flags, including
things like "This key may be used to encrypt communications."

If a key or subkey has this "key flags" subpacket attached with all bits
cleared (off), GnuPG currently treats the key as having all bits set
(on).  While keys with this sort of marker are very rare in the wild,
GnuPG's misinterpretation of this subpacket could lead to a breach of
confidentiality or a mistaken identity verification.

Potential Confidentiality Breach
--------------------------------

For example, if Alice has a subkey X whose "key flags" subpacket has all
bits cleared (because she is using it for something not documented in
the spec, perhaps something experimental or risky), and Bob sends Alice
an e-mail encrypted using GnuPG, Bob may accidentally encrypt the
message to key X, depsite Alice having clearly stated that the key is
not to be used for encrypted communications.  If Alice's intended use of
X turns out to compromise the key itself somehow, then the attacker can
read Bob's otherwise confidential communication to Alice.

Potential Mistaken Identity Verification
----------------------------------------

Consider the scenario above, but where Bob is in general willing to rely
on OpenPGP certifications made by Alice.  The legitimate form of these
certifications are usually made by Alice's primary key, which is marked
as "certification-capable".  Because Bob's GnuPG misinterprets the usage
flags on subkey X, Bob may be able to be tricked into believing that
Alice has certified someone else's OpenPGP identity if an attacker
manages to coax Alice into using subkey X in a way that is replayable as
an OpenPGP certification.



These risks are unlikely today (there are very few certifications in the
wild with an all-zero key flags subpacket), and they are not
particularly dangerous (for a compromise to happen, there needs to also
be a cross-context abuse of the mis-classified key, which i do not have
a concrete example of).  But the keyholder's stated intent of separating
out keys by context of use is being ignored, so there is a window of
vulnerability that should not be open.

There is also a (maybe non-security) functionality issue here, in that
GnuPG may mis-use the user's own keys if they are marked as described
above (e.g. signing messages or certifying identities with a subkey that
is explicitly marked as not being for that purpose).


This problem was first reported to the GnuPG team back in March [1].
Patches are available, but appear to only be applied on the development
branch (2.1.x).  So stable branches 1.4.x and 2.0.x remain vulnerable at
the moment.

Could a CVE be issued for this?

Regards,

        --dkg

[0] https://tools.ietf.org/html/rfc4880#section-5.2.3.21
[1] http://thread.gmane.org/gmane.comp.encryption.gpg.devel/17712/focus=18138

-------------

CVE-2013-4351 was assigned to this issue.
Comment 1 Bernhard Wiedemann 2013-09-16 12:00:20 UTC
This is an autogenerated message for OBS integration:
This bug (840510) was mentioned in
https://build.opensuse.org/request/show/199229 Maintenance /
Comment 2 Bernhard Wiedemann 2013-09-16 13:00:11 UTC
This is an autogenerated message for OBS integration:
This bug (840510) was mentioned in
https://build.opensuse.org/request/show/199251 12.2+12.3 / gpg2
Comment 3 Bernhard Wiedemann 2013-09-16 16:00:15 UTC
This is an autogenerated message for OBS integration:
This bug (840510) was mentioned in
https://build.opensuse.org/request/show/199273 12.2+12.3 / gpg2
Comment 4 Bernhard Wiedemann 2013-09-16 16:00:24 UTC
This is an autogenerated message for OBS integration:
This bug (840510) was mentioned in
https://build.opensuse.org/request/show/199272 Maintenance /
Comment 5 Bernhard Wiedemann 2013-09-16 18:00:13 UTC
This is an autogenerated message for OBS integration:
This bug (840510) was mentioned in
https://build.opensuse.org/request/show/199283 Factory / gpg2
Comment 7 Swamp Workflow Management 2013-09-16 22:00:20 UTC
bugbot adjusting priority
Comment 11 Swamp Workflow Management 2013-09-26 16:43:24 UTC
The SWAMPID for this issue is 54530.
This issue was rated as low.
Please submit fixed packages until 2013-10-24.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 12 Vítězslav Čížek 2013-09-27 12:49:17 UTC
All packages should be submitted. Handing over to security-team.
Comment 13 Bernhard Wiedemann 2013-09-27 13:02:08 UTC
This is an autogenerated message for OBS integration:
This bug (840510) was mentioned in
https://build.opensuse.org/request/show/201102 12.2+12.3 / gpg2
Comment 14 Swamp Workflow Management 2013-09-27 14:05:32 UTC
openSUSE-SU-2013:1494-1: An update that fixes one vulnerability is now available.

Category: security (low)
Bug References: 840510
CVE References: CVE-2013-4351
Sources used:
openSUSE 12.3 (src):    gpg2-2.0.19-5.8.1
openSUSE 12.2 (src):    gpg2-2.0.19-2.8.1
Comment 15 Marcus Meissner 2013-10-01 09:50:00 UTC
there was a secondary submission.  


SR 201102 new (sec):  <2047>
        home:vitezslav_cizek:branches:OBS_Maintained:gpg2/gpg2.openSUSE_12.2_Update
        home:vitezslav_cizek:branches:OBS_Maintained:gpg2/gpg2.openSUSE_12.3_Update
        home:vitezslav_cizek:branches:OBS_Maintained:gpg2/patchinfo


which now has conflicts... 

should it have replaced the previous released one?
Comment 16 Vítězslav Čížek 2013-10-01 10:35:46 UTC
(In reply to comment #15)
> there was a secondary submission.  
> 
> should it have replaced the previous released one?

No.
I thought I revoked the previous openSUSE requests,
so I submitted this one. (The only difference is an improved comment in changes)

I'll revoke the 201102 request, now that the previous one was accepted.
Also reassigning the bug to security-team.
Comment 17 Marcus Meissner 2013-10-01 14:12:18 UTC
ok. sle update still running
Comment 18 Swamp Workflow Management 2013-10-07 22:04:20 UTC
openSUSE-SU-2013:1532-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 840510
CVE References: CVE-2013-4351
Sources used:
openSUSE 11.4 (src):    gpg2-2.0.19-14.1
Comment 19 Bernhard Wiedemann 2013-10-10 17:00:12 UTC
This is an autogenerated message for OBS integration:
This bug (840510) was mentioned in
https://build.opensuse.org/request/show/202893 Evergreen:11.2:Test / gpg2
Comment 20 Bernhard Wiedemann 2013-10-19 19:00:13 UTC
This is an autogenerated message for OBS integration:
This bug (840510) was mentioned in
https://build.opensuse.org/request/show/203987 Evergreen:11.2 / gpg2
Comment 21 Marcus Meissner 2013-10-25 12:15:06 UTC
released
Comment 22 Swamp Workflow Management 2013-10-25 13:04:21 UTC
Update released for: gpg
Products:
SUSE-CORE 9-SP3-TERADATA (x86_64)
Comment 23 Swamp Workflow Management 2013-10-25 13:04:45 UTC
Update released for: gpg, gpg-debuginfo
Products:
SLE-SERVER 10-SP3-TERADATA (x86_64)
Comment 24 Swamp Workflow Management 2013-10-25 13:05:05 UTC
Update released for: gpg2, gpg2-debuginfo, gpg2-debugsource, gpg2-lang
Products:
SLE-SERVER 11-SP1-TERADATA (x86_64)
Comment 25 Swamp Workflow Management 2013-10-25 14:49:18 UTC
Update released for: gpg2, gpg2-debuginfo, gpg2-debugsource, gpg2-lang
Products:
SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP3 (i386, x86_64)
Comment 26 Swamp Workflow Management 2013-10-25 14:53:51 UTC
Update released for: gpg2, gpg2-debuginfo, gpg2-debugsource, gpg2-lang
Products:
SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP2 (i386, x86_64)
SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP2 (i386, x86_64)
Comment 27 Swamp Workflow Management 2013-10-25 15:04:21 UTC
Update released for: gpg2, gpg2-debuginfo
Products:
SLE-SERVER 10-SP3-TERADATA (x86_64)
Comment 28 Swamp Workflow Management 2013-10-25 15:46:32 UTC
Update released for: gpg, gpg-debuginfo
Products:
SLE-SERVER 10-SP3-LTSS (i386, s390x, x86_64)
Comment 29 Swamp Workflow Management 2013-10-25 15:47:46 UTC
Update released for: gpg, gpg-debuginfo
Products:
SLE-SERVER 10-SP4-LTSS (i386, s390x, x86_64)
Comment 30 Marcus Meissner 2014-05-27 11:25:56 UTC
Created attachment 592175 [details]
testkey.asc

test from http://thread.gmane.org/gmane.comp.encryption.gpg.devel/17712/focus=18138
Comment 31 Swamp Workflow Management 2014-06-03 19:47:47 UTC
Update released for: gpg2, gpg2-debuginfo, gpg2-debugsource, gpg2-lang
Products:
SLE-DEBUGINFO 11-SP1 (i386, s390x, x86_64)
SLE-SERVER 11-SP1-LTSS (i386, s390x, x86_64)
Comment 32 Swamp Workflow Management 2014-06-03 23:05:33 UTC
SUSE-SU-2014:0750-1: An update that contains security fixes can now be installed.

Category: security (moderate)
Bug References: 778723,780943,798465,808958,840510,844175
CVE References: 
Sources used:
SUSE Linux Enterprise Server 11 SP1 LTSS (src):    gpg2-2.0.9-25.33.37.6