exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

GnuPG 1.4.12 Database Corruption

GnuPG 1.4.12 Database Corruption
Posted Dec 31, 2012
Authored by KB Sriram

GnuPG versions 1.4.12 and below are vulnerable to memory access violations and public keyring database corruption when importing public keys that have been manipulated.

tags | advisory
advisories | CVE-2012-6085
SHA-256 | 0a3dbb2e061bd0a63a4632c1ff476033b308773427245372f500f2fae7b5b060

GnuPG 1.4.12 Database Corruption

Change Mirror Download
Versions of GnuPG <= 1.4.12 are vulnerable to memory access violations
and public keyring database corruption when importing public keys that
have been manipulated.

An OpenPGP key can be fuzzed in such a way that gpg segfaults (or has
other memory access violations) when importing the key.

The key may also be fuzzed such that gpg reports no errors when
examining the key (eg: "gpg the_bad_key.pkr") but importing it causes
gpg to corrupt its public keyring database.

The database corruption issue was first reported on Dec 6th, through
the gpg bug tracking system:

https://bugs.g10code.com/gnupg/issue1455

The subsequent memory access violation was discovered and reported in
a private email with the maintainer on Dec 20th.

A zip file with keys that causes segfaults and other errors is
available at http://dl.dropbox.com/u/18852638/gnupg-issues/1455.zip
and includes a log file that demonstrates the issues [on MacOS X and
gpg 1.4.11]

A new version of gpg -- 1.4.13 -- that addressed both these issues, was
independently released by the maintainer on Dec 20th.

The simplest solution is to upgrade all gpg installs to 1.4.13.

[Workarounds: A corrupted database may be recovered by manually
copying back the pubring.gpg~ backup file. Certain errors may also be prevented
by never directly importing a key, but first just "looking" at the key
(eg: "gpg bad_key.pkr"). However, this is not guaranteed to work in all cases;
though upgrading to 1.4.13 does work for the issues reported.]

Discovery:

The problem was discovered during a byte-fuzzing test of OpenPGP
certificates for an unrelated application. Each byte in turn was
replaced by a random byte, and the modified certificate fed to the
application to check that it handled errors correctly. Gpg was used as
a control, but it itself turned out to have errors related to packet
parsing. The errors are generally triggered when fuzzing the length
field of OpenPGP packets, which cascades into subsequent errors in
certain situations.

-kb
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close