lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050819151256.GA30560@piware.de>
Date: Fri, 19 Aug 2005 17:12:56 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-170-1] gnupg vulnerability

===========================================================
Ubuntu Security Notice USN-170-1	    August 19, 2005
gnupg vulnerability
CAN-2005-0366
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

gnupg

The problem can be corrected by upgrading the affected package to
version 1.2.4-4ubuntu2.1 (for Ubuntu 4.10), or 1.2.5-3ubuntu5.1 (for
Ubuntu 5.04).  In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

Serge Mister and Robert Zuccherato discovered a weakness of the
symmetrical encryption algorithm of gnupg. When decrypting a message,
gnupg uses a feature called "quick scan"; this can quickly check
whether the key that is used for decryption is (probably) the right
one, so that wrong keys can be determined quickly without decrypting
the whole message.

A failure of the quick scan will be determined much faster than a
successful one.  Mister/Zuccherato demonstrated that this timing
difference can be exploited to an attack which allows an attacker to
decrypt parts of an encrypted message if an "oracle" is available, i.
e. an automatic system that receives random encrypted messages from
the attacker and answers whether it passes the quick scan check.

However, since the attack requires a huge amount of oracle answers
(about 32.000 for every 16 bytes of ciphertext), this attack is mostly
theoretical. It does not have any impact on human operation of gnupg
and is not believed to be exploitable in practice.

The updated packages disable the quick check, which renders this
timing attack impossible.


Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.4-4ubuntu2.1.diff.gz
      Size/MD5:    56779 535ca76d0ef8e62ca39885695a09b55e
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.4-4ubuntu2.1.dsc
      Size/MD5:      619 8fb0039e446c6c43670d1d46dbdcec4f
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.4.orig.tar.gz
      Size/MD5:  3451202 adfab529010ba55533c8e538c0b042a2

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.4-4ubuntu2.1_amd64.deb
      Size/MD5:  1721956 c5ad08ee5c515a4704d90995cce78d24

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.4-4ubuntu2.1_i386.deb
      Size/MD5:  1667010 a5bee7d9a0806a8cfc34e9fa630170ee

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.4-4ubuntu2.1_powerpc.deb
      Size/MD5:  1721372 63e8981a1811f86885a94ce852d5d692

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.1.diff.gz
      Size/MD5:    63056 504f55111886a4b9374c194fa03f53c8
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.1.dsc
      Size/MD5:      654 82a302b486f65b7a1c7c4cbf44450729
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5.orig.tar.gz
      Size/MD5:  3645308 9109ff94f7a502acd915a6e61d28d98a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.1_amd64.deb
      Size/MD5:   805058 7df82bdac6114a8901be677df747ba3e
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.2.5-3ubuntu5.1_amd64.udeb
      Size/MD5:   146276 0229d7a37bb97926a600c8adf1d56afe

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.1_i386.deb
      Size/MD5:   750094 e8653aba101299b9964873b097911ed5
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.2.5-3ubuntu5.1_i386.udeb
      Size/MD5:   121180 7576662e8ffd07063b1f349f75cab0d0

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.1_powerpc.deb
      Size/MD5:   805618 3a2da610043d28171e839ed0a1c20148
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.2.5-3ubuntu5.1_powerpc.udeb
      Size/MD5:   135250 ae393ff66004dccca13f9245d932218e

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ