oss-sec mailing list archives
Re: Multiple issues in GnuPG found through keyring fuzzing (TFPA 001/2015)
From: cve-assign () mitre org
Date: Fri, 13 Feb 2015 18:27:31 -0500 (EST)
https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html
Can you provide more information about a scenario in which a GnuPG
NULL pointer dereference has a security impact? A typical use case of
GnuPG is a single session with a single command line. The code in
question is not part of Libgcrypt, which may be used for long-running
processes.
Do you mean that:
1. it is possible to create the problematic keyring
using --import commands, e.g., the user has
imported normal keys for years and now imports
a crafted key
2. the problematic keyring makes the product largely
unusable, e.g., there is a crash with a common
command such as --list-keys
3. it is not possible to fix the problematic keyring
with any available commands such as --delete-keys
4. therefore, the product remains unusable unless the
user obtains other code to correct the keyring, and
thus there is a denial of service
?
If the situation were something like:
1. the problematic keyring cannot be created using
--import commands; the issue is specific to a
new keyring that a user obtains from an untrusted
source
2. there is a crash in some situation
3. the user can avoid the impact by discontinuing
use of this new keyring
then we think that a CVE ID may not be applicable.
Also, access to each of your four crashes.fuzzing-project.org URLs
currently fails with a 403. We can probably provide at least two CVE
IDs in total after those URLs are available.
--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
