
Serious Vulnerability Flaw Found in GPG – GnuPG: What You Need to Know About SigSpoof



The GnuPG Project takes the security of software it develops very seriously. In general we prefer a full disclosure approach and all bugs listed in our bug tracker as well as code changes in our software repository are public. Given that GnuPG is an important part of many software distributions and severe bugs in GnuPG would affect their users directly, we co-ordinate with them in private as soon as we learn about a severe vulnerability.


If you found a severe security problem and you do not want to publish it, please report it by mail to security at gnupg.org. We prefer reports in plain text format; if needed we can also work with PDF files. For security reasons we won't read any other complex data formats (e.g. docx or odt).







Note that we do not use a team OpenPGP key. Thus please write a non-encrypted message to the security address and ask for the keys of the developers at duty and then encrypt the mail to all of them. A list of our core developers can be found here; they are all active on the gnupg-devel mailing list.


Released earlier this month, GnuPG version 2.2.8 addresses CVE-2018-12020, a vulnerability affecting GnuPG, Enigmail, GPGTools and python-gnupg, Marcus Brinkmann, who discovered the bug, reveals. Brinkmann has dubbed the flaw SigSpoof.


Airgapping to read messages users of your website send to you sounds way over-cautious to me unless you're running the next Silk Road and are afraid US law enforcement is after you, in which case I could understand why you worry. But if you do want to isolate gpg, you can use software such as firejail. This means that an attacker who has found a flaw in GnuPG that allows him to run arbitrary code will also have to find a flaw in the Linux kernel before he can escape from the jail into your actual system and do more damage.


From: Werner Koch
To: bugtraq-AT-securityfocus.com
Subject: GnuPG: remotely controllable function pointer [CVE-2006-6235]
Date: Wed, 06 Dec 2006 16:58:16 +0100
Cc: lwn-AT-lwn.net

GnuPG: remotely controllable function pointer [CVE-2006-6235]
===============================================================
2006-12-04

Summary
=======

Tavis Ormandy of the Gentoo security team identified a severe and exploitable bug in the processing of encrypted packets in GnuPG.

[ Please do not send private mail in response to this message. The mailing list gnupg-devel is the best place to discuss this problem (please subscribe first so you don't need moderator approval [1]). ]

Impact
======

Using malformed OpenPGP packets an attacker is able to modify and dereference a function pointer in GnuPG. This is a remotely exploitable bug and affects any use of GnuPG where an attacker can control the data processed by GnuPG. It is not necessarily limited to encrypted data, also signed data may be affected.

Affected versions: All versions of GnuPG refcount);+ if ( !--dfx->refcount )+ + cipher_close (dfx->cipher_hd);+ dfx->cipher_hd = NULL;+ md_close (dfx->mdc_hash);+ dfx->mdc_hash = NULL;+ xfree (dfx);+ + /****************@@ -60,7 +80,10 @@ decrypt_data( void *procctx, PKT_encrypt unsigned blocksize; unsigned nprefix; - memset( &dfx, 0, sizeof dfx );++ dfx = xcalloc (1, sizeof *dfx);+ dfx->refcount = 1;+ if( opt.verbose && !dek->algo_info_printed ) const char *s = cipher_algo_to_string( dek->algo ); if( s )@@ -79,15 +102,15 @@ decrypt_data( void *procctx, PKT_encrypt BUG(); if( ed->mdc_method ) -dfx.mdc_hash = md_open( ed->mdc_method, 0 );+dfx->mdc_hash = md_open ( ed->mdc_method, 0 ); if ( DBG_HASHING )- md_start_debug(dfx.mdc_hash, "checkmdc");+ md_start_debug (dfx->mdc_hash, "checkmdc"); - dfx.cipher_hd = cipher_open( dek->algo,- ed->mdc_method? CIPHER_MODE_CFB- : CIPHER_MODE_AUTO_CFB, 1 );+ dfx->cipher_hd = cipher_open ( dek->algo,+ ed->mdc_method? 
CIPHER_MODE_CFB+ : CIPHER_MODE_AUTO_CFB, 1 ); /* log_hexdump( "thekey", dek->key, dek->keylen );*/- rc = cipher_setkey( dfx.cipher_hd, dek->key, dek->keylen );+ rc = cipher_setkey ( dfx->cipher_hd, dek->key, dek->keylen ); if( rc == G10ERR_WEAK_KEY ) log_info(_("WARNING: message was encrypted with"@@ -105,7 +128,7 @@ decrypt_data( void *procctx, PKT_encrypt goto leave; - cipher_setiv( dfx.cipher_hd, NULL, 0 );+ cipher_setiv ( dfx->cipher_hd, NULL, 0 ); if( ed->len ) for(i=0; i len; i++, ed->len-- ) @@ -122,8 +145,8 @@ decrypt_data( void *procctx, PKT_encrypt else temp[i] = c; - cipher_decrypt( dfx.cipher_hd, temp, temp, nprefix+2);- cipher_sync( dfx.cipher_hd );+ cipher_decrypt ( dfx->cipher_hd, temp, temp, nprefix+2);+ cipher_sync ( dfx->cipher_hd ); p = temp; /* log_hexdump( "prefix", temp, nprefix+2 ); */ if(dek->symmetric@@ -133,34 +156,34 @@ decrypt_data( void *procctx, PKT_encrypt goto leave; - if( dfx.mdc_hash )-md_write( dfx.mdc_hash, temp, nprefix+2 );+ if ( dfx->mdc_hash )+md_write ( dfx->mdc_hash, temp, nprefix+2 ); - if( ed->mdc_method )-iobuf_push_filter( ed->buf, mdc_decode_filter, &dfx );+ dfx->refcount++;+ if ( ed->mdc_method )+iobuf_push_filter( ed->buf, mdc_decode_filter, dfx ); else-iobuf_push_filter( ed->buf, decode_filter, &dfx );+iobuf_push_filter( ed->buf, decode_filter, dfx ); proc_packets( procctx, ed->buf ); ed->buf = NULL;- if( ed->mdc_method && dfx.eof_seen == 2 )+ if( ed->mdc_method && dfx->eof_seen == 2 ) rc = G10ERR_INVALID_PACKET; else if( ed->mdc_method ) /* check the mdc */ int datalen = md_digest_length( ed->mdc_method ); -cipher_decrypt( dfx.cipher_hd, dfx.defer, dfx.defer, 20);-md_final( dfx.mdc_hash );+cipher_decrypt ( dfx->cipher_hd, dfx->defer, dfx->defer, 20);+md_final ( dfx->mdc_hash ); if( datalen != 20- leave:- cipher_close(dfx.cipher_hd);- md_close( dfx.mdc_hash );+ release_dfx_context (dfx); return rc; 
@@ -171,7 +194,7 @@ static int mdc_decode_filter( void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len) - decode_filter_ctx_t *dfx = opaque;+ decode_filter_ctx_t dfx = opaque; size_t n, size = *ret_len; int rc = 0; int c;@@ -226,8 +249,10 @@ mdc_decode_filter( void *opaque, int con if( n ) - cipher_decrypt( dfx->cipher_hd, buf, buf, n);- md_write( dfx->mdc_hash, buf, n );+ if (dfx->cipher_hd)+ cipher_decrypt( dfx->cipher_hd, buf, buf, n);+ if (dfx->mdc_hash)+ md_write( dfx->mdc_hash, buf, n ); else assert( dfx->eof_seen );@@ -235,6 +260,9 @@ mdc_decode_filter( void *opaque, int con *ret_len = n; }+ else if ( control == IOBUFCTRL_FREE ) + release_dfx_context (dfx);+ else if( control == IOBUFCTRL_DESC ) *(char**)buf = "mdc_decode_filter"; @@ -244,7 +272,7 @@ mdc_decode_filter( void *opaque, int con static int decode_filter( void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len) - decode_filter_ctx_t *fc = opaque;+ decode_filter_ctx_t fc = opaque; size_t n, size = *ret_len; int rc = 0; 
@@ -252,12 +280,17 @@ decode_filter( void *opaque, int control assert(a); n = iobuf_read( a, buf, size ); if( n == -1 ) n = 0;-if( n )- cipher_decrypt( fc->cipher_hd, buf, buf, n);+if( n ) + if (fc->cipher_hd)+ cipher_decrypt( fc->cipher_hd, buf, buf, n);+ else rc = -1; /* eof */ *ret_len = n; + else if ( control == IOBUFCTRL_FREE ) + release_dfx_context (fc);+ else if( control == IOBUFCTRL_DESC ) *(char**)buf = "decode_filter";

This is a patch against GnuPG 2.0.1. Change the directory to g10/ and apply this patch.

2006-12-02 Werner Koch

* encr-data.c: Allocate DFX context on the heap and not on the stack. Changes at several places. Fixes CVE-2006-6235.

Index: encr-data.c===================================================================--- encr-data.c(revision 4352)+++ encr-data.c(working copy)@@ -39,16 +39,37 @@ static int decode_filter ( void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len); -typedef struct +typedef struct decode_filter_context_s gcry_cipher_hd_t cipher_hd; gcry_md_hd_t mdc_hash; char defer[22]; int defer_filled; int eof_seen;- decode_filter_ctx_t;+ int refcount;+} *decode_filter_ctx_t; +/* Helper to release the decode context. */+static void+release_dfx_context (decode_filter_ctx_t dfx)++ if (!dfx)+ return;++ assert (dfx->refcount);+ if ( !--dfx->refcount )+ + gcry_cipher_close (dfx->cipher_hd);+ dfx->cipher_hd = NULL;+ gcry_md_close (dfx->mdc_hash);+ dfx->mdc_hash = NULL;+ xfree (dfx);+ ++++ /**************** * Decrypt the data, specified by ED with the key DEK. 
*/@@ -62,7 +83,11 @@ unsigned blocksize; unsigned nprefix; - memset( &dfx, 0, sizeof dfx );+ dfx = xtrycalloc (1, sizeof *dfx);+ if (!dfx)+ return gpg_error_from_syserror ();+ dfx->refcount = 1;+ if ( opt.verbose && !dek->algo_info_printed ) const char *s = gcry_cipher_algo_name (dek->algo);@@ -77,20 +102,20 @@ goto leave; blocksize = gcry_cipher_get_algo_blklen (dek->algo); if ( !blocksize - if ( dfx.mdc_hash )- gcry_md_write (dfx.mdc_hash, temp, nprefix+2);- + if ( dfx->mdc_hash )+ gcry_md_write (dfx->mdc_hash, temp, nprefix+2);++ dfx->refcount++; if ( ed->mdc_method )- iobuf_push_filter( ed->buf, mdc_decode_filter, &dfx );+ iobuf_push_filter ( ed->buf, mdc_decode_filter, dfx ); else- iobuf_push_filter( ed->buf, decode_filter, &dfx );+ iobuf_push_filter ( ed->buf, decode_filter, dfx ); proc_packets ( procctx, ed->buf ); ed->buf = NULL;- if ( ed->mdc_method && dfx.eof_seen == 2 )+ if ( ed->mdc_method && dfx->eof_seen == 2 ) rc = gpg_error (GPG_ERR_INV_PACKET); else if ( ed->mdc_method ) dfx->defer[1] != '\x14' ) log_error("mdc_packet with invalid encoding\n"); rc = gpg_error (GPG_ERR_INV_PACKET); else if (datalen != 20- leave:- gcry_cipher_close (dfx.cipher_hd);- gcry_md_close (dfx.mdc_hash);+ release_dfx_context (dfx); return rc; } @@ -214,7 +242,7 @@ mdc_decode_filter (void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len) - decode_filter_ctx_t *dfx = opaque;+ decode_filter_ctx_t dfx = opaque; size_t n, size = *ret_len; int rc = 0; int c;@@ -226,11 +254,11 @@ else if( control == IOBUFCTRL_UNDERFLOW ) {- assert(a);- assert( size > 44 );+ assert (a);+ assert ( size > 44 ); /* Get at least 22 bytes and put it somewhere ahead in the buffer. */- for(n=22; n cipher_hd, buf, n, NULL, 0);- gcry_md_write (dfx->mdc_hash, buf, n);+ if ( dfx->cipher_hd )+ gcry_cipher_decrypt (dfx->cipher_hd, buf, n, NULL, 0);+ if ( dfx->mdc_hash )+ gcry_md_write (dfx->mdc_hash, buf, n); else 
@@ -289,6 +319,10 @@ *ret_len = n; + else if ( control == IOBUFCTRL_FREE ) + + release_dfx_context (dfx);+ else if ( control == IOBUFCTRL_DESC ) { *(char**)buf = "mdc_decode_filter";@@ -300,7 +334,7 @@ static int decode_filter( void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len) - decode_filter_ctx_t *fc = opaque;+ decode_filter_ctx_t fc = opaque; size_t n, size = *ret_len; int rc = 0; @@ -311,11 +345,18 @@ if ( n == -1 ) n = 0; if ( n )- gcry_cipher_decrypt (fc->cipher_hd, buf, n, NULL, 0);+ + if (fc->cipher_hd)+ gcry_cipher_decrypt (fc->cipher_hd, buf, n, NULL, 0);+ else rc = -1; /* EOF */ *ret_len = n; + else if ( control == IOBUFCTRL_FREE ) + + release_dfx_context (fc);+ else if ( control == IOBUFCTRL_DESC ) { *(char**)buf = "decode_filter";
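
Review bot: release_dfx_context (first hunk of the 2.0.1 patch, @@ -39,16 +39,37 @@) relies on assert (dfx->refcount) as its only guard against an unbalanced release. In a build with assertions disabled, a release on a zero count decrements to -1, the free branch is skipped and the context with its cipher and hash handles is never released. Handle the zero case explicitly, and extend the comment "Helper to release the decode context." to say who holds the two references: decrypt_data itself and the pushed filter, which drops its reference on IOBUFCTRL_FREE.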
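
Review bot: In decrypt_data, in both the first patch and the 2.0.1 patch, dfx->refcount++ is executed before iobuf_push_filter and the result of the push is not checked in either branch. If the push can fail, the filter never receives IOBUFCTRL_FREE, the second reference is never dropped, and the final release_dfx_context (dfx) at leave: only brings the count down to 1. Check the return value and release the extra reference on the failure path, or take the reference only after the push has succeeded.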
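
Review bot: In mdc_decode_filter and decode_filter, the new if (dfx->cipher_hd) and if (fc->cipher_hd) guards skip decryption when the handle is NULL but leave rc at 0 and still set *ret_len = n, so the caller receives the undecrypted buffer as if it were plaintext. Return an error from the filter when the handle is missing instead of passing the data through. Note also that release_dfx_context sets the handles to NULL only immediately before xfree (dfx), so these guards cannot detect a context that has already been released; the reference count is the only protection there.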

