oss-sec mailing list archives
Re: Multiple issues in GnuPG found through keyring fuzzing (TFPA 001/2015)
From: Hanno Böck <hanno () hboeck de>
Date: Sat, 14 Feb 2015 00:34:49 +0100
On Fri, 13 Feb 2015 18:27:31 -0500 (EST) cve-assign () mitre org wrote:
Can you provide more information about a scenario in which a GnuPG NULL pointer dereference has a security impact? A typical use case of GnuPG is a single session with a single command line. The code in question is not part of Libgcrypt, which may be used for long-running processes.
I don't really think these null ptr issues are vulnerabilities. I just mentioned everything I found with fuzzing in the advisory.
Do you mean that: 1. it is possible to create the problematic keyring using --import commands, e.g., the user has imported normal keys for years and now imports a crafted key 2. the problematic keyring makes the product largely unusable, e.g., there is a crash with a common command such as --list-keys 3. it is not possible to fix the problematic keyring with any available commands such as --delete-keys 4. therefore, the product remains unusable unless the user obtains other code to correct the keyring, and thus there is a denial of service
That's actually an interesting idea I haven't thought about, however would require further analysis whether it's possible.
Also, access to each of your four crashes.fuzzing-project.org URLs currently fails with a 403. We can probably provide at least two CVE IDs in total after those URLs are available.
Sorry, fixed. -- Hanno Böck http://hboeck.de/ mail/jabber: hanno () hboeck de GPG: BBB51E42
Attachment:
_bin
Description: OpenPGP digital signature
Current thread:
- Multiple issues in GnuPG found through keyring fuzzing (TFPA 001/2015) Hanno Böck (Feb 13)
- Re: Multiple issues in GnuPG found through keyring fuzzing (TFPA 001/2015) cve-assign (Feb 13)
- Re: Multiple issues in GnuPG found through keyring fuzzing (TFPA 001/2015) Hanno Böck (Feb 13)
- Re: Multiple issues in GnuPG found through keyring fuzzing (TFPA 001/2015) cve-assign (Feb 14)
- Re: Multiple issues in GnuPG found through keyring fuzzing (TFPA 001/2015) cve-assign (Feb 13)