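Gnu Privacy Guard (GnuPG) Detached Signature Vulnerability
Published: 2000-12-22
Updated: 2000-12-22
Severity: Medium
Threat level: Read restricted files
Error type: Design error
Exploitation method: Server mode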
Affected systems
GnuPG 1.0.3b
GnuPG 1.0.3
GnuPG 1.0.2
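GnuPG 1.0
Detailed description
All versions of Gnu Privacy Guard (GnuPG) contain a vulnerability in which detached signatures are not checked correctly. Under certain conditions, text whose signature is detached from the signed file can be modified by an attacker. The problem lies in GnuPG's command-line semantics. To check integrity against a detached signature file, GnuPG is run with the following command line: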
gpg --verify signature.sig <signed-file.txt
The problem lies in this form, but the following GnuPG command is also valid:
gpg --verify signed-file.txt
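When a document with a detached signature is verified, if the file specified as the signature is itself a valid document, GnuPG verifies the so-called "signature file" without reporting any error. Any modification to the signed document therefore goes unchecked and unreported, and an attacker can exploit this flaw to write whatever content is needed into the signature file.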
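As an added example (not part of the original advisory or of GnuPG), a caller-side guard for the condition described above: before trusting a verification result, confirm that the file passed as the signature contains only OpenPGP signature packets and is not itself a complete signed message. It checks packet framing per RFC 4880 only and performs no cryptographic verification; the function names and sample bytes are constructed for illustration.

```python
import base64

SIG_TAG = 2  # OpenPGP signature packet tag (RFC 4880, section 4.3)
DETACHED = bytes([0x88, 3, 4, 0, 1])  # constructed: old-format tag 2, placeholder body
SIGNED_MESSAGE = bytes([0xA3, 1, 0])  # constructed: old-format tag 8 (compressed data)

def dearmor(data: bytes) -> bytes:
    """Return binary packets; only 'PGP SIGNATURE' armor passes (CRC-24 not checked)."""
    if not data.lstrip().startswith(b"-----BEGIN PGP"):
        return data  # no armor: treat as binary OpenPGP data
    lines = [ln.strip() for ln in data.strip().splitlines()]
    if lines[0] != b"-----BEGIN PGP SIGNATURE-----":
        raise ValueError("armored message, not a detached signature")
    body = [ln for ln in lines[lines.index(b"") + 1:-1] if not ln.startswith(b"=")]
    return base64.b64decode(b"".join(body), validate=True)

def signature_end(data: bytes, pos: int) -> int:
    """Return the offset just past the signature packet that starts at pos."""
    hdr, pos = data[pos], pos + 1
    tag = hdr & 0x3F if hdr & 0x40 else (hdr >> 2) & 0x0F
    if not hdr & 0x80 or tag != SIG_TAG:
        raise ValueError("not a signature packet")  # one-pass, literal, compressed...
    if hdr & 0x40:  # new-format header: 1-, 2- or 5-octet length
        first = data[pos]
        if first < 192:
            length, pos = first, pos + 1
        elif first < 224:
            length, pos = ((first - 192) << 8) + data[pos + 1] + 192, pos + 2
        elif first == 255:
            length, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
        else:
            raise ValueError("partial length is invalid for a signature")
    else:  # old-format header: low two bits select 1, 2 or 4 length octets
        n = 1 << (hdr & 0x03)
        if n == 8:
            raise ValueError("indeterminate length is invalid for a signature")
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    if pos + length > len(data):
        raise ValueError("truncated signature packet")
    return pos + length

def is_detached_signature(data: bytes) -> bool:
    """True only if the file holds signature packets and nothing else."""
    try:
        raw, pos = dearmor(data), 0
        while pos < len(raw):
            pos = signature_end(raw, pos)
        return len(raw) > 0
    except (ValueError, IndexError):
        return False
```

A wrapper would call `is_detached_signature()` on the signature file's bytes and refuse to proceed on `False`, then run the verification with both the signature file and the data file named explicitly.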
Test code
None available
Solution
Download the updated packages:
GnuPG GnuPG 1.0.3b:
Trustix RPM 1.2 gnupg-1.0.4-4tr.i586
http://www.trustix.net/pub/Trustix/updates/1.2/RPMS/gnupg-1.0.4-4tr.i586.rpm
Trustix RPM 1.0/1.1 gnupg-1.0.4-4tr.i586
http://www.trustix.net/pub/Trustix/updates/1.1/RPMS/gnupg-1.0.4-4tr.i586.rpm
RedHat RPM 6.x gnupg-1.0.4-8.6.x.i386
ftp://updates.redhat.com//6.2/i386/gnupg-1.0.4-8.6.x.i386.rpm
RedHat RPM 6.x gnupg-1.0.4-8.6.x.alpha
ftp://updates.redhat.com//6.2/alpha/gnupg-1.0.4-8.6.x.alpha.rpm
RedHat RPM 6.x gnupg-1.0.4-8.6.x.sparc
ftp://updates.redhat.com//6.2/sparc/gnupg-1.0.4-8.6.x.sparc.rpm
RedHat RPM 7.0 gnupg-1.0.4-9.alpha
ftp://updates.redhat.com//7.0/alpha/gnupg-1.0.4-9.alpha.rpm
RedHat RPM 7.0 gnupg-1.0.4-9.i386
ftp://updates.redhat.com//7.0/i386/gnupg-1.0.4-9.i386.rpm
GnuPG GnuPG 1.0.3:
RedHat RPM 7.0 gnupg-1.0.4-9.i386
ftp://updates.redhat.com//7.0/i386/gnupg-1.0.4-9.i386.rpm
RedHat RPM 7.0 gnupg-1.0.4-9.alpha
ftp://updates.redhat.com//7.0/alpha/gnupg-1.0.4-9.alpha.rpm
RedHat RPM 6.x gnupg-1.0.4-8.6.x.sparc
ftp://updates.redhat.com//6.2/sparc/gnupg-1.0.4-8.6.x.sparc.rpm
RedHat RPM 6.x gnupg-1.0.4-8.6.x.alpha
ftp://updates.redhat.com//6.2/alpha/gnupg-1.0.4-8.6.x.alpha.rpm
RedHat RPM 6.x gnupg-1.0.4-8.6.x.i386
ftp://updates.redhat.com//6.2/i386/gnupg-1.0.4-8.6.x.i386.rpm
Trustix RPM 1.0/1.1 gnupg-1.0.4-4tr.i586
http://www.trustix.net/pub/Trustix/updates/1.1/RPMS/gnupg-1.0.4-4tr.i586.rpm
Trustix RPM 1.2 gnupg-1.0.4-4tr.i586
http://www.trustix.net/pub/Trustix/updates/1.2/RPMS/gnupg-1.0.4-4tr.i586.rpm
GnuPG GnuPG 1.0.2:
Trustix RPM 1.2 gnupg-1.0.4-4tr.i586
http://www.trustix.net/pub/Trustix/updates/1.2/RPMS/gnupg-1.0.4-4tr.i586.rpm
Trustix RPM 1.0/1.1 gnupg-1.0.4-4tr.i586
http://www.trustix.net/pub/Trustix/updates/1.1/RPMS/gnupg-1.0.4-4tr.i586.rpm
RedHat RPM 6.x gnupg-1.0.4-8.6.x.i386
ftp://updates.redhat.com//6.2/i386/gnupg-1.0.4-8.6.x.i386.rpm
RedHat RPM 6.x gnupg-1.0.4-8.6.x.alpha
ftp://updates.redhat.com//6.2/alpha/gnupg-1.0.4-8.6.x.alpha.rpm
RedHat RPM 6.x gnupg-1.0.4-8.6.x.sparc
ftp://updates.redhat.com//6.2/sparc/gnupg-1.0.4-8.6.x.sparc.rpm
RedHat RPM 7.0 gnupg-1.0.4-9.alpha
ftp://updates.redhat.com//7.0/alpha/gnupg-1.0.4-9.alpha.rpm
RedHat RPM 7.0 gnupg-1.0.4-9.i386
ftp://updates.redhat.com//7.0/i386/gnupg-1.0.4-9.i386.rpm
GnuPG GnuPG 1.0.1:
Trustix RPM 1.2 gnupg-1.0.4-4tr.i586
http://www.trustix.net/pub/Trustix/updates/1.2/RPMS/gnupg-1.0.4-4tr.i586.rpm
Trustix RPM 1.0/1.1 gnupg-1.0.4-4tr.i586
http://www.trustix.net/pub/Trustix/updates/1.1/RPMS/gnupg-1.0.4-4tr.i586.rpm
RedHat RPM 6.x gnupg-1.0.4-8.6.x.i386
ftp://updates.redhat.com//6.2/i386/gnupg-1.0.4-8.6.x.i386.rpm
RedHat RPM 6.x gnupg-1.0.4-8.6.x.alpha
ftp://updates.redhat.com//6.2/alpha/gnupg-1.0.4-8.6.x.alpha.rpm
RedHat RPM 6.x gnupg-1.0.4-8.6.x.sparc
ftp://updates.redhat.com//6.2/sparc/gnupg-1.0.4-8.6.x.sparc.rpm
RedHat RPM 7.0 gnupg-1.0.4-9.alpha
ftp://updates.redhat.com//7.0/alpha/gnupg-1.0.4-9.alpha.rpm
RedHat RPM 7.0 gnupg-1.0.4-9.i386
ftp://updates.redhat.com//7.0/i386/gnupg-1.0.4-9.i386.rpm
GnuPG GnuPG 1.0:
Trustix RPM 1.2 gnupg-1.0.4-4tr.i586
http://www.trustix.net/pub/Trustix/updates/1.2/RPMS/gnupg-1.0.4-4tr.i586.rpm
Trustix RPM 1.0/1.1 gnupg-1.0.4-4tr.i586
http://www.trustix.net/pub/Trustix/updates/1.1/RPMS/gnupg-1.0.4-4tr.i586.rpm
RedHat RPM 6.x gnupg-1.0.4-8.6.x.i386
ftp://updates.redhat.com//6.2/i386/gnupg-1.0.4-8.6.x.i386.rpm
RedHat RPM 6.x gnupg-1.0.4-8.6.x.alpha
ftp://updates.redhat.com//6.2/alpha/gnupg-1.0.4-8.6.x.alpha.rpm
RedHat RPM 6.x gnupg-1.0.4-8.6.x.sparc
ftp://updates.redhat.com//6.2/sparc/gnupg-1.0.4-8.6.x.sparc.rpm
RedHat RPM 7.0 gnupg-1.0.4-9.alpha
ftp://updates.redhat.com//7.0/alpha/gnupg-1.0.4-9.alpha.rpm
RedHat RPM 7.0 gnupg-1.0.4-9.i386
ftp://updates.redhat.com//7.0/i386/gnupg-1.0.4-9.i386.rpm