Date: Thu, 17 May 2001 11:53:16 -0600
From: Caldera Support Information <[email protected]>
To: [email protected]Subject: Security update: [CSSA-2001-17.0] gnupg - private key retrieval vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
___________________________________________________________________________=
___
Caldera Systems, Inc. Security Advisory
Subject: gnupg - private key retrieval vulnerability
Advisory number: CSSA-2001-017.0
Issue date: 2001 May, 15
Cross reference:
___________________________________________________________________________=
___
1. Problem Description
Researchers from ICZ, a Czech information security company, have
discovered a vulnerability in the secret key handling of GnuPG.
Certain manipulations of the victim's secret key ring can result
in the disclosure of the private key when signing messages.
This requires the attacker to have write access to the secret key
ring of the victim, which usually would also allow him to just
modify the gpg binary or install snooping software, so the attack
itself is more of theoretical nature.
The technical background for this attack is explained in
* http://www.i.cz/pdf/pgp/OpenPGP_attack_CZ.pdf (czech version)
* http://www.icz.cz/en/pdf/openPGP_attack_ENGvktr.pdf (english
* version)
2. Vulnerable Versions
System Package
-----------------------------------------------------------
OpenLinux 2.3 All packages previous to
gnupg-1.0.5-3
OpenLinux eServer 2.3.1 All packages previous to
and OpenLinux eBuilder gnupg-1.0.5-3
OpenLinux eDesktop 2.4 All packages previous to
gnupg-1.0.5-3
3. Solution
Workaround
none
The proper solution is to upgrade to the latest packages.
4. OpenLinux 2.3
4.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS
4.2 Verification
084b2a3e1a352630a68108d47f09c286 RPMS/gnupg-1.0.5-3.i386.rpm
0335e8b1b0230ee58ae39c4603ce5d8d SRPMS/gnupg-1.0.5-3.src.rpm
4.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fhv gnupg-*.i386.rpm
5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0
5.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS
5.2 Verification
75b032166b0fb5a389aaf5b2e13f98e6 RPMS/gnupg-1.0.5-3.i386.rpm
0335e8b1b0230ee58ae39c4603ce5d8d SRPMS/gnupg-1.0.5-3.src.rpm
5.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh gnupg-*i386.rpm
6. OpenLinux eDesktop 2.4
6.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS
6.2 Verification
31c53f76dfe78419b6f1975bad2d89a4 RPMS/gnupg-1.0.5-3.i386.rpm
0335e8b1b0230ee58ae39c4603ce5d8d SRPMS/gnupg-1.0.5-3.src.rpm
6.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh gnupg-*i386.rpm
7. References
This and other Caldera security resources are located at:
http://www.calderasystems.com/support/security/index.html
This security fix closes Caldera's internal Problem Report 9581.
8. Disclaimer
Caldera Systems, Inc. is not responsible for the misuse of any of the
information we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended to
promote secure installation and use of Caldera OpenLinux.
9. Acknowledgements:
Caldera International wishes to thank the ICZ team for spotting this
problem.
___________________________________________________________________________=
___
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7AmVB18sy83A/qfwRAq59AKCats/5IlvHjPQEnDXGqApSvBvfhACeO3kU
0ZgH1MJp3WwwqvUXPjIrUl8=3D
=3DPJMT
-----END PGP SIGNATURE-----
=00
