Bugzilla – Bug 840510
VUL-0: CVE-2013-4351: gpg2: GnuPG treats no-usage-permitted keys as all-usages-permitted
Last modified: 2014-06-03 23:05:33 UTC
Public via oss-security. Date: Fri, 13 Sep 2013 02:32:47 -0400 From: Daniel Kahn Gillmor Subject: [oss-security] GnuPG treats no-usage-permitted keys as all-usages-permitted RFC 4880 permits OpenPGP keyholders to mark their primary keys and subkeys with a "key flags" packet that indicates the capabilities of the key [0]. These are represented as a set of binary flags, including things like "This key may be used to encrypt communications." If a key or subkey has this "key flags" subpacket attached with all bits cleared (off), GnuPG currently treats the key as having all bits set (on). While keys with this sort of marker are very rare in the wild, GnuPG's misinterpretation of this subpacket could lead to a breach of confidentiality or a mistaken identity verification. Potential Confidentiality Breach -------------------------------- For example, if Alice has a subkey X whose "key flags" subpacket has all bits cleared (because she is using it for something not documented in the spec, perhaps something experimental or risky), and Bob sends Alice an e-mail encrypted using GnuPG, Bob may accidentally encrypt the message to key X, depsite Alice having clearly stated that the key is not to be used for encrypted communications. If Alice's intended use of X turns out to compromise the key itself somehow, then the attacker can read Bob's otherwise confidential communication to Alice. Potential Mistaken Identity Verification ---------------------------------------- Consider the scenario above, but where Bob is in general willing to rely on OpenPGP certifications made by Alice. The legitimate form of these certifications are usually made by Alice's primary key, which is marked as "certification-capable". Because Bob's GnuPG misinterprets the usage flags on subkey X, Bob may be able to be tricked into believing that Alice has certified someone else's OpenPGP identity if an attacker manages to coax Alice into using subkey X in a way that is replayable as an OpenPGP certification. These risks are unlikely today (there are very few certifications in the wild with an all-zero key flags subpacket), and they are not particularly dangerous (for a compromise to happen, there needs to also be a cross-context abuse of the mis-classified key, which i do not have a concrete example of). But the keyholder's stated intent of separating out keys by context of use is being ignored, so there is a window of vulnerability that should not be open. There is also a (maybe non-security) functionality issue here, in that GnuPG may mis-use the user's own keys if they are marked as described above (e.g. signing messages or certifying identities with a subkey that is explicitly marked as not being for that purpose). This problem was first reported to the GnuPG team back in March [1]. Patches are available, but appear to only be applied on the development branch (2.1.x). So stable branches 1.4.x and 2.0.x remain vulnerable at the moment. Could a CVE be issued for this? Regards, --dkg [0] https://tools.ietf.org/html/rfc4880#section-5.2.3.21 [1] http://thread.gmane.org/gmane.comp.encryption.gpg.devel/17712/focus=18138 ------------- CVE-2013-4351 was assigned to this issue.
This is an autogenerated message for OBS integration: This bug (840510) was mentioned in https://build.opensuse.org/request/show/199229 Maintenance /
This is an autogenerated message for OBS integration: This bug (840510) was mentioned in https://build.opensuse.org/request/show/199251 12.2+12.3 / gpg2
This is an autogenerated message for OBS integration: This bug (840510) was mentioned in https://build.opensuse.org/request/show/199273 12.2+12.3 / gpg2
This is an autogenerated message for OBS integration: This bug (840510) was mentioned in https://build.opensuse.org/request/show/199272 Maintenance /
This is an autogenerated message for OBS integration: This bug (840510) was mentioned in https://build.opensuse.org/request/show/199283 Factory / gpg2
bugbot adjusting priority
The SWAMPID for this issue is 54530. This issue was rated as low. Please submit fixed packages until 2013-10-24. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
All packages should be submitted. Handing over to security-team.
This is an autogenerated message for OBS integration: This bug (840510) was mentioned in https://build.opensuse.org/request/show/201102 12.2+12.3 / gpg2
openSUSE-SU-2013:1494-1: An update that fixes one vulnerability is now available. Category: security (low) Bug References: 840510 CVE References: CVE-2013-4351 Sources used: openSUSE 12.3 (src): gpg2-2.0.19-5.8.1 openSUSE 12.2 (src): gpg2-2.0.19-2.8.1
there was a secondary submission. SR 201102 new (sec): <2047> home:vitezslav_cizek:branches:OBS_Maintained:gpg2/gpg2.openSUSE_12.2_Update home:vitezslav_cizek:branches:OBS_Maintained:gpg2/gpg2.openSUSE_12.3_Update home:vitezslav_cizek:branches:OBS_Maintained:gpg2/patchinfo which now has conflicts... should it have replaced the previous released one?
(In reply to comment #15) > there was a secondary submission. > > should it have replaced the previous released one? No. I thought I revoked the previous openSUSE requests, so I submitted this one. (The only difference is an improved comment in changes) I'll revoke the 201102 request, now that the previous one was accepted. Also reassigning the bug to security-team.
ok. sle update still running
openSUSE-SU-2013:1532-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 840510 CVE References: CVE-2013-4351 Sources used: openSUSE 11.4 (src): gpg2-2.0.19-14.1
This is an autogenerated message for OBS integration: This bug (840510) was mentioned in https://build.opensuse.org/request/show/202893 Evergreen:11.2:Test / gpg2
This is an autogenerated message for OBS integration: This bug (840510) was mentioned in https://build.opensuse.org/request/show/203987 Evergreen:11.2 / gpg2
released
Update released for: gpg Products: SUSE-CORE 9-SP3-TERADATA (x86_64)
Update released for: gpg, gpg-debuginfo Products: SLE-SERVER 10-SP3-TERADATA (x86_64)
Update released for: gpg2, gpg2-debuginfo, gpg2-debugsource, gpg2-lang Products: SLE-SERVER 11-SP1-TERADATA (x86_64)
Update released for: gpg2, gpg2-debuginfo, gpg2-debugsource, gpg2-lang Products: SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP3 (i386, x86_64) SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP3 (i386, x86_64)
Update released for: gpg2, gpg2-debuginfo, gpg2-debugsource, gpg2-lang Products: SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP2 (i386, x86_64) SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP2 (i386, x86_64)
Update released for: gpg2, gpg2-debuginfo Products: SLE-SERVER 10-SP3-TERADATA (x86_64)
Update released for: gpg, gpg-debuginfo Products: SLE-SERVER 10-SP3-LTSS (i386, s390x, x86_64)
Update released for: gpg, gpg-debuginfo Products: SLE-SERVER 10-SP4-LTSS (i386, s390x, x86_64)
Created attachment 592175 [details] testkey.asc test from http://thread.gmane.org/gmane.comp.encryption.gpg.devel/17712/focus=18138
Update released for: gpg2, gpg2-debuginfo, gpg2-debugsource, gpg2-lang Products: SLE-DEBUGINFO 11-SP1 (i386, s390x, x86_64) SLE-SERVER 11-SP1-LTSS (i386, s390x, x86_64)
SUSE-SU-2014:0750-1: An update that contains security fixes can now be installed. Category: security (moderate) Bug References: 778723,780943,798465,808958,840510,844175 CVE References: Sources used: SUSE Linux Enterprise Server 11 SP1 LTSS (src): gpg2-2.0.9-25.33.37.6