SuSE-SA:2003:048: gpg

2004-07-2500:00:00

www.tenable.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.012

Percentile

85.5%

JSON

The remote host is missing the patch for the advisory SuSE-SA:2003:048 (gpg).

The gnupg (the SUSE package is named gpg) package is the most widely used software for cryptographic encryption/decryption of data.

Two independent errors have been found in gpg (GnuPG) packages as shipped with SUSE products:

A) A format string error in the client code that does key retrieval from a (public) key server B) A cryptographic error in gpg that results in a compromise of a cryptographic keypair if ElGamal signing keys have been used for generating the key.

A) There exists a format string error in thhe client code for key retrieval from a keyserver. gpg-1.2.x version packages are affected by this vulnerability.
The format string error can be used by an attacker performing a man-in-the-middle-attack between you and your keyserver, or by a compromised keyserver. The result is a crash of gpg or a potential execution of arbitrary code provided by the attacker, if the keyserver is used for key retrieval at the time of the attack.

B) Werner Koch, the author of the gpg package, has publicly announced a weakness in gpg that has been reported to him by Phong Nguyen: ElGamal signing keys can be attacked within seconds to reveal the private key of the keypair. It is strongly advised that ElGamal signing keys should be revoked immediately. Only ElGamal keys are affected, other types are not vulnerable.

To find out if you are using an ElGamal signing key, list your public keys using the command

gpg --list-keys your_keyid

Example:
$ gpg --list-keys [email protected] pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <[email protected]> sub 2048g/8495160C 2000-10-19 [expires: 2006-02-12] $

If your key lists a capital ‘G’ after the key’s length (like in pub 1536G/…), then your key is vulnerable. A small letter ‘g’ after the key length does NOT indicate any problem.
ElGamal keys can be used for primary keys as well as for subkeys. In the case where only a subkey is an ElGamal key, it is sufficient to revoke this specific subkey.

To revoke a key, generate a revocation certificate using the following command:

gpg --gen-revoke your_keyid > revocation_certificate.pgp

Then, the revokation certificate must be imported into your keyring:

gpg --import < revocation_certificate.pgp

As your last action, send the key with its revocation certificate to the keyservers that know your key:

gpg --keyserver wwwkeys.eu.pgp.net --send-keys your_keyid

ElGamal keys can only be generated by gpg if a special option (–expert) has been used to reveal ‘expert’ options, and if a warning has been ignored after your choice to use ElGamal keys. Such keys are rare (Werner Koch reports 848 primary ElGamal signing keys and 324 vulnerable subkeys on the keyservers.). Therefore, we expect that only experienced users of gpg may be vulnerable to the ElGamal signing key error.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# This plugin text was extracted from SuSE Security Advisory SuSE-SA:2003:048
#


if ( ! defined_func("bn_random") ) exit(0);

include('deprecated_nasl_level.inc');
include('compat.inc');

if(description)
{
 script_id(13816);
 script_bugtraq_id(9115);
 script_version("1.16");
 script_cve_id("CVE-2003-0971");
 
 name["english"] = "SuSE-SA:2003:048: gpg";
 
 script_name(english:name["english"]);
 
 script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a vendor-supplied security patch" );
 script_set_attribute(attribute:"description", value:
"The remote host is missing the patch for the advisory SuSE-SA:2003:048 (gpg).


The gnupg (the SUSE package is named gpg) package is the most widely 
used software for cryptographic encryption/decryption of data.

Two independent errors have been found in gpg (GnuPG) packages as shipped
with SUSE products: 

A) A format string error in the client code that does key retrieval
from a (public) key server
B) A cryptographic error in gpg that results in a compromise of a
cryptographic keypair if ElGamal signing keys have been used for
generating the key.


A)
There exists a format string error in thhe client code for key retrieval
from a keyserver. gpg-1.2.x version packages are affected by this 
vulnerability.
The format string error can be used by an attacker performing a 
man-in-the-middle-attack between you and your keyserver, or by a
compromised keyserver. The result is a crash of gpg or a potential 
execution of arbitrary code provided by the attacker, if the keyserver
is used for key retrieval at the time of the attack.

B)
Werner Koch, the author of the gpg package, has publicly announced a
weakness in gpg that has been reported to him by Phong Nguyen: 
ElGamal signing keys can be attacked within seconds to reveal the
private key of the keypair. It is strongly advised that ElGamal signing
keys should be revoked immediately. Only ElGamal keys are affected, other
types are not vulnerable.

To find out if you are using an ElGamal signing key, list your public
keys using the command

gpg --list-keys your_keyid

Example:
$ gpg --list-keys [email protected]
pub  1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <[email protected]>
sub  2048g/8495160C 2000-10-19 [expires: 2006-02-12]
$ 

If your key lists a capital 'G' after the key's length (like in
pub  1536G/...), then your key is vulnerable. A small letter 'g' after
the key length does NOT indicate any problem.
ElGamal keys can be used for primary keys as well as for subkeys. In the
case where only a subkey is an ElGamal key, it is sufficient to revoke
this specific subkey.

To revoke a key, generate a revocation certificate using the following 
command:

gpg --gen-revoke your_keyid > revocation_certificate.pgp

Then, the revokation certificate must be imported into your keyring:

gpg --import < revocation_certificate.pgp

As your last action, send the key with its revocation certificate
to the keyservers that know your key:

gpg --keyserver wwwkeys.eu.pgp.net --send-keys your_keyid


ElGamal keys can only be generated by gpg if a special option (--expert)
has been used to reveal 'expert' options, and if a warning has been
ignored after your choice to use ElGamal keys. Such keys are rare 
(Werner Koch reports 848 primary ElGamal signing keys and 324 vulnerable 
subkeys on the keyservers.). Therefore, we expect that only experienced
users of gpg may be vulnerable to the ElGamal signing key error." );
 script_set_attribute(attribute:"solution", value:
"http://www.suse.de/security/2003_048_gpg.html" );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");




 script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/25");
 script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
 script_end_attributes();

 
 summary["english"] = "Check for the version of the gpg package";
 script_summary(english:summary["english"]);
 
 script_category(ACT_GATHER_INFO);
 
 script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
 family["english"] = "SuSE Local Security Checks";
 script_family(english:family["english"]);
 
 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/SuSE/rpm-list");
 exit(0);
}

include("rpm.inc");
if ( rpm_check( reference:"gpg-1.2.2-121", release:"SUSE9.0") )
{
 security_warning(0);
 exit(0);
}
if ( rpm_check( reference:"gpg-1.2.2rc1-98", release:"SUSE8.2") )
{
 security_warning(0);
 exit(0);
}
if (rpm_exists(rpm:"gpg-", release:"SUSE9.0")
 || rpm_exists(rpm:"gpg-", release:"SUSE8.2") )
{
 set_kb_item(name:"CVE-2003-0971", value:TRUE);
}