GnuPG HTTP Keyserver Protocol Interface Format String

2003-12-03T07:27:33
ID OSVDB:2899
Type osvdb
Reporter Evgeny Legerov()
Modified 2003-12-03T07:27:33

Description

Vulnerability Description

GnuPG contains a flaw that may allow a malicious user to cause a denial of service or execute arbitrary code. The issue is triggered when the external HKP interface is enabled and crafted data is sent. GnuPG's external HTTP Keyserver Protocol (HKP) interface contains a format string flaw in keyserver/gpgkeys_hkp.c that could allow a compromised key server to execute remote commands on a client machine requesting information. The external HKP interface is not enabled by default in 1.2 stable branch, but is enabled by default on the 1.3 devel branch. It is possible that the flaw may allow this execution of remote code, resulting in a loss of integrity.

Solution Description

Upgrade GnuPG to 1.2.3 Stable (with patches) or 1.3.4 Development as patches have been included to mitigate this flaw. Disabling support for HKP in the GnuPG software is a temporary workaround.

Short Description

GnuPG contains a flaw that may allow a malicious user to cause a denial of service or execute arbitrary code. The issue is triggered when the external HKP interface is enabled and crafted data is sent. GnuPG's external HTTP Keyserver Protocol (HKP) interface contains a format string flaw in keyserver/gpgkeys_hkp.c that could allow a compromised key server to execute remote commands on a client machine requesting information. The external HKP interface is not enabled by default in 1.2 stable branch, but is enabled by default on the 1.3 devel branch. It is possible that the flaw may allow this execution of remote code, resulting in a loss of integrity.

References:

Vendor Specific Advisory URL Vendor Specific Advisory URL Secunia Advisory ID:10348 Mail List Post: http://lists.netsys.com/pipermail/full-disclosure/2003-December/014444.html ISS X-Force ID: 13892 Generic Informational URL: http://www.s-quadra.com/advisories/Adv-20031203.txt CVE-2003-0978 Bugtraq ID: 9144