COMMAND
GPG
SYSTEMS AFFECTED
GPG 1.0.3
PROBLEM
Jim Small found following. Attached is multiple copies of a file
he had signed. Then he started modifying parts of the SIGNED
message to see if gpg could detect that the messages had been
altered. It did not detect them, so long as the last signed
message had not been altered.
Save this advisory as newfile.asc and run
gpg --verify newfile.asc -o /dev/null
to see for yourself (the key it was signed with is available via
keyservers).
asdfasfasdfd
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I just added by one stuff to thie message
bogugfirst file encrypted with nobody dude on uinix box, send to nethole forpmail
this is actually encrypted with a valid pgpg key imported form win95
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.3 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE538QlZi9y1BQncn4RAj/vAKCmfScBFegl6LMD3Q99N51pvuHAIQCfUv5+ a05Yt6xZwd/PxtQsRe+88AQ=
=siBR
-----END PGP SIGNATURE-----
middle stuff
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
another wrong
first file encrypted with nobody dude on uinix box, send to nethole forpmail
this is actually encrypted with a valid pgpg key imported form win95
another file
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.3 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE538hvZi9y1BQncn4RAolnAKCwEJTyPm6895ybQfk1D5IfeqJjmwCg4MlP 3NbvJocg5ksql40aOTZf0MY=
=yBf2
-----END PGP SIGNATURE-----
asfasfasf end stuff
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
first file encrypted with nobody dude on uinix box, send to nethole forpmail
this is actually encrypted with a valid pgpg key imported form win95
bogud
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.3 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE538QlZi9y1BQncn4RAj/vAKCmfScBFegl6LMD3Q99N51pvuHAIQCfUv5+ a05Yt6xZwd/PxtQsRe+88AQ=
=siBR
-----END PGP SIGNATURE-----
stuff
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
first file encrypted with nobody dude on uinix box, send to nethole forpmail
this is actually encrypted with a valid pgpg key imported form win95
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.3 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE538QlZi9y1BQncn4RAj/vAKCmfScBFegl6LMD3Q99N51pvuHAIQCfUv5+ a05Yt6xZwd/PxtQsRe+88AQ=
=siBR
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
first file encrypted with nobody dude on uinix box, send to nethole forpmail
this is actually encrypted with a valid pgpg key imported form win95
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.3 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE538QlZi9y1BQncn4RAj/vAKCmfScBFegl6LMD3Q99N51pvuHAIQCfUv5+ a05Yt6xZwd/PxtQsRe+88AQ=
=siBR
-----END PGP SIGNATURE-----
gpg: Signature made Sat Oct 7 17:47:33 2000 PDT using DSA key ID 1427727E
gpg: Good signature from "James F. Small, Jr. <smallj@nethole.com>" gpg: aka "Jim Small <smallj@pacbell.net>" gpg: aka "James F. Small, Jr. <smallj@saic.com>" gpg: aka "James F. Small, Jr. <smallj@small.cx>" gp
g: Signature made Sat Oct 7 18:05:51 2000 PDT using DSA key ID 1427727E
gpg: BAD signature from "James F. Small, Jr. <smallj@nethole.com>" gpg: Signature made Sat Oct 7 17:47:33 2000 PDT using DSA key ID 1427727E
gpg: Good signature from "James F. Small, Jr. <smallj@nethole.com>" gpg: aka "Jim Small <smallj@pacbell.net>" gpg: aka "James F. Small, Jr. <smallj@saic.com>" gpg: aka "James F. Small, Jr. <smallj@small.cx>" gp
g: Signature made Sat Oct 7 17:47:33 2000 PDT using DSA key ID 1427727E
gpg: Good signature from "James F. Small, Jr. <smallj@nethole.com>" gpg: aka "Jim Small <smallj@pacbell.net>" gpg: aka "James F. Small, Jr. <smallj@saic.com>" gpg: aka "James F. Small, Jr. <smallj@small.cx>" gp
g: Signature made Sat Oct 7 17:47:33 2000 PDT using DSA key ID 1427727E
gpg: Good signature from "James F. Small, Jr. <smallj@nethole.com>" gpg: aka "Jim Small <smallj@pacbell.net>" gpg: aka "James F. Small, Jr. <smallj@saic.com>" gpg: aka "James F. Small, Jr. <smallj@small.cx>"
If you have more than one cleartext signature in a file (or pipe
that to gpg), gpg does not compare each signature but flags each
document as good or bad depending on the first document in the
file. This is a very serious bug in gpg's verification function.
SOLUTION
A snapshot version which corrects this bug available at:
ftp://ftp.guug.de/gcrypt/devel/gnupg-1.0.3b.tar.gz
ftp://ftp.guug.de/gcrypt/devel/gnupg-1.0.3b.tar.gz.sig
This version also comes with AES support but there are still the
same problems with building on Solaris and HP/UX as in 1.0.3.
This problem has been in GnuPG since the beginning but Jim's seems
to be the first one who noiced that. This bug is just one more
prove that "given enough eyeballs all bugs are shallow" can not
be held true when it comes to the security bugs; well, the bugs
are probably found faster - but most times only be coincedence.
For Debian:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/gnupg-1.0.4-2.i386.rpm
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS/gnupg-1.0.4-2.src.rpm
For Linux-Mandrake:
Linux-Mandrake 7.0: 7.0/RPMS/gnupg-1.0.4-2mdk.i586.rpm
7.0/SRPMS/gnupg-1.0.4-2mdk.src.rpm
Linux-Mandrake 7.1: 7.1/RPMS/gnupg-1.0.4-2mdk.i586.rpm
7.1/SRPMS/gnupg-1.0.4-2mdk.src.rpm
For Red Hat:
ftp://updates.redhat.com/6.2/alpha/gnupg-1.0.4-4.6.x.alpha.rpm
ftp://updates.redhat.com/6.2/sparc/gnupg-1.0.4-4.6.x.sparc.rpm
ftp://updates.redhat.com/6.2/i386/gnupg-1.0.4-4.6.x.i386.rpm
ftp://updates.redhat.com/6.2/SRPMS/gnupg-1.0.4-4.6.x.src.rpm
ftp://updates.redhat.com/7.0/i386/gnupg-1.0.4-5.i386.rpm
ftp://updates.redhat.com/7.0/SRPMS/gnupg-1.0.4-5.src.rpm
Update for Immunix OS 6.2 (StackGuarded versions of the RedHat
packages) can be found at:
http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/gnupg-1.0.4-4.6.x_StackGuard.i386.rpm
http://www.immunix.org:8080/ImmunixOS/6.2/updates/SRPMS/gnupg-1.0.4-4.6.x_StackGuard.src.rpm
For Conectiva Linux:
ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/gnupg-1.0.4-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/gnupg-1.0.4-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/gnupg-1.0.4-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/gnupg-1.0.4-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/gnupg-1.0.4-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/gnupg-1.0.4-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/gnupg-1.0.4-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/gnupg-1.0.4-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/gnupg-1.0.4-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/gnupg-1.0.4-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/gnupg-1.0.4-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/gnupg-1.0.4-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/gnupg-1.0.4-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/gnupg-1.0.4-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/gnupg-1.0.4-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/gnupg-1.0.4-1cl.i386.rpm
Trustix recently released updated package of gpg. Users of TSL
1.0x and 1.1 that worry about local security should definitely
upgrade:
ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/gnupg-1.0.4-2tr.i586.rpm
http://www.trustix.net/download/Trustix/updates/1.1/RPMS/gnupg-1.0.4-2tr.i586.rpm
For FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/security/gnupg-1.04.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/gnupg-1.04.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/security/gnupg-1.04.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/gnupg-1.04.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/security/gnupg-1.04.tgz
For Debian:
http://security.debian.org/dists/stable/updates/main/source/gnupg_1.0.4-1.diff.gz
http://security.debian.org/dists/stable/updates/main/source/gnupg_1.0.4-1.dsc
http://security.debian.org/dists/stable/updates/main/source/gnupg_1.0.4.orig.tar.gz
http://security.debian.org/dists/stable/updates/main/binary-alpha/gnupg_1.0.4-1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/gnupg_1.0.4-1_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/gnupg_1.0.4-1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/gnupg_1.0.4-1_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/gnupg_1.0.4-1_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/gnupg_1.0.4-1_sparc.deb