FreeBSD53EB9E1E-7014-11E8-8B1F-3065EC8FD3ECpassword-store -- GPG parsing vulnerabilities
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.133 Low
EPSS
Percentile
95.6%
Jason A. Donenfeld reports:
Markus Brinkmann discovered that [the] parsing of gpg command line
output with regexes isn’t anchored to the beginning of the line,
which means an attacker can generate a malicious key that simply has
the verification string as part of its username.
This has a number of nasty consequences:
an attacker who manages to write into your ~/.password-store
and also inject a malicious key into your keyring can replace
your .gpg-id key and have your passwords encrypted under
additional keys;
if you have extensions enabled (disabled by default), an
attacker who manages to write into your ~/.password-store and
also inject a malicious key into your keyring can replace your
extensions and hence execute code.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | password-store | < 1.7.2 | UNKNOWN |
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.133 Low
EPSS
Percentile
95.6%