Bug 10850 - gnupg/gnupg2 side-channel attack on RSA private keys (CVE-2013-4242)
Summary: gnupg/gnupg2 side-channel attack on RSA private keys (CVE-2013-4242)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 3
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/561440/
Whiteboard: MGA2TOO MGA3-64-OK MGA3-32-OK MGA2-64...
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2013-07-26 19:08 CEST by David Walser
Modified: 2014-05-08 18:05 CEST (History)
6 users (show)

See Also:
Source RPM: gnupg, libgcrypt
CVE:
Status comment:


Attachments

Description David Walser 2013-07-26 19:08:34 CEST
GNU has released gnupg 1.4.14 and libgcrypt 1.5.3 (used by gnupg2) to fix an attack vector that allows users on a shared machine to steal other users' private GPG keys.  The updates were announced on July 25.  The update announcement for gnupg provides a good description of the issue:
http://lists.gnu.org/archive/html/info-gnu/2013-07/msg00014.html
http://lists.gnu.org/archive/html/info-gnu/2013-07/msg00013.html

A CVE has been requested, with no response yet:
http://openwall.com/lists/oss-security/2013/07/25/15

Reproducible: 

Steps to Reproduce:
David Walser 2013-07-26 19:09:03 CEST

CC: (none) => boklm, fundawang, oe
Whiteboard: (none) => MGA3TOO, MGA2TOO

Comment 1 David Walser 2013-07-26 22:43:44 CEST
CVE-2013-4242 has been assigned:
http://openwall.com/lists/oss-security/2013/07/26/7

Summary: gnupg/gnupg2 side-channel attack on RSA private keys => gnupg/gnupg2 side-channel attack on RSA private keys (CVE-2013-4242)

Comment 2 Nicolas Vigier 2013-07-27 09:14:49 CEST
Working on update.

Assignee: bugsquad => boklm

Comment 3 David Walser 2013-07-28 01:34:53 CEST
Fixed in Cauldron in gnupg-1.4.14-1.mga4 and libgcrypt-1.5.3-1.mga4.

Version: Cauldron => 3
Whiteboard: MGA3TOO, MGA2TOO => MGA2TOO

Comment 4 David Walser 2013-07-28 16:13:37 CEST
Currently built for Mageia 3:
gnupg-1.4.14-1.mga3
libgcrypt11-1.5.3-1.mga3
libgcrypt-devel-1.5.3-1.mga3

from SRPMS:
gnupg-1.4.14-1.mga3.src.rpm
libgcrypt-1.5.3-1.mga3.src.rpm
Comment 5 David Walser 2013-07-30 19:07:11 CEST
Debian has issued advisories for this on July 29:
http://www.debian.org/security/2013/dsa-2730
http://www.debian.org/security/2013/dsa-2731

URL: (none) => http://lwn.net/Vulnerabilities/561440/

Comment 6 Olivier Delaune 2013-07-30 23:50:17 CEST
Is there any procedure to test the updated package?

CC: (none) => olivier.delaune

Comment 7 David Walser 2013-07-31 00:11:00 CEST
(In reply to Olivier Delaune from comment #6)
> Is there any procedure to test the updated package?

I don't know that there's any documentation on how exactly to perform the RSA side-channel attack, so I don't know that you'll be able to verify that the CVE is fixed.

What will need to be tested is that the gnupg stuff basically works.  You can look at the gpg and gpg2 manpages for some of the options and information on different things that they do.  You can use those commands to encrypt and decrypt a file for example.
Comment 8 Oden Eriksson 2013-08-01 09:13:40 CEST
gnupg-1.4.12-1.2.mga2 + libgcrypt-1.5.0-2.1.mga2 has been submitted.
Comment 9 Oden Eriksson 2013-08-01 17:11:23 CEST
Found no PoCs, basic usage tested only. All OK.

http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:205/
Comment 10 David Walser 2013-08-01 20:53:48 CEST
Thanks Nicolas and Oden.  Assigning to QA.

Advisory:
========================

Updated gnupg and libgcrypt packages fix security vulnerability:

Yarom and Falkner discovered that RSA secret keys in applications
using GnuPG 1.x, and using the libgcrypt library, could be leaked via a
side channel attack, where a malicious local user could obtain private
key information from another user on the system (CVE-2013-4242).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242
http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000329.html
http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html
http://eprint.iacr.org/2013/448
http://www.debian.org/security/2013/dsa-2730
http://www.debian.org/security/2013/dsa-2731
http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:205/
========================

Updated packages in core/updates_testing:
========================
gnupg-1.4.12-1.2.mga2
libgcrypt11-1.5.0-2.1.mga2
libgcrypt-devel-1.5.0-2.1.mga2
gnupg-1.4.14-1.mga3
libgcrypt11-1.5.3-1.mga3
libgcrypt-devel-1.5.3-1.mga3

from SRPMS:
gnupg-1.4.12-1.2.mga2.src.rpm
libgcrypt-1.5.0-2.1.mga2.src.rpm
gnupg-1.4.14-1.mga3.src.rpm
libgcrypt-1.5.3-1.mga3.src.rpm

Assignee: boklm => qa-bugs

Comment 11 Dave Hodgins 2013-08-03 02:46:29 CEST
Testing complete Mageia 2 and 3, i586 and x86_64.

On each install, generated a key (using kgpg set to use /usr/bin/gpg, instead
of /usr/bin/gpg2), encrypted and signed a msg with "gpg -sea msg", decrypted it
with "gpg msg.asc".

Could someone from the sysadmin team push 10850.adv to updates.

Keywords: (none) => validated_update
Whiteboard: MGA2TOO => MGA2TOO MGA3-64-OK MGA3-32-OK MGA2-64-OK MGA2-32-OK
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 12 Thomas Backlund 2013-08-03 10:46:59 CEST
Update pushed:
http://advisories.mageia.org/MGASA-2013-0239.html

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

Nicolas Vigier 2014-05-08 18:05:13 CEST

CC: boklm => (none)


Note You need to log in before you can comment on or make changes to this bug.