SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   GnuPG (Gnu Privacy Guard) Vendors:   Gnupg.org
(Turbolinux Issues Fix) GnuPG ElGamal Signature Flaw May Disclose Type 20 ElGamal Private Keys to Remote Users
SecurityTracker Alert ID:  1008501
SecurityTracker URL:  http://securitytracker.com/id/1008501
CVE Reference:   CVE-2003-0971   (Links to External Site)
Date:  Dec 18 2003
Impact:   Disclosure of authentication information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.0.2 and later versions
Description:   A vulnerability was reported in GnuPG in the creation of ElGamal keys for digital signature. Keys used for signing can be compromised.

It is reported that Phong Nguyen discovered a flaw that allows a remote user to determine your private key within a few seconds.

In version 1.0.2 (January 2000), the flaw was introduced when the GnuPG code was modified to improve the efficiency of encryption using ElGamal keys. A common factor was used for encrypting and signing. As a result, a remtote user with access to a target user's signature can conduct a cryptographic attack to determine the target user's private key. This flaw reportedly affects only ElGamal sign+encrypt keys (type 20) in GnuPG version 1.0.2 and later.

The vendor reports that ElGamal encrypt-only keys (type 16) are not affected. Also, the DSA keys and RSA keys are not vulnerable, according to the report.

Impact:   A remote user can determine the ElGamal private key.
Solution:   Turbolinux has issued a fix.

<Turbolinux 10 Desktop>

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/gnupg-1.2.3-2.src.rpm
3314781 4996b1e2267642d2d69d4f514cf4cad7

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/gnupg-1.2.3-2.i586.rpm
1129596 5fd712d1411be94acc23d49f24048df7

<Turbolinux 8 Server>

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/gnupg-1.0.7-4.src.rpm
2409951 59104e12eb97ac80f0a4c9d842dfdc20

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/gnupg-1.0.7-4.i586.rpm
885453 72a565e99ff48f8756144b8966432d8e

<Turbolinux 8 Workstation>

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/gnupg-1.0.7-4.src.rpm
2409951 883d8e4123edbdfc87be8cd31e58e22b

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/gnupg-1.0.7-4.i586.rpm
884696 6299e615d670554116f03a57a77534f9

<Turbolinux 7 Server>

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/gnupg-1.0.7-4.src.rpm
2409951 174e7eadc938bf7deccb56deba74588d

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/gnupg-1.0.7-4.i586.rpm
863174 eb706737ef71616bbd5e6bc5bc73a8c0

<Turbolinux 7 Workstation>

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/gnupg-1.0.7-4.src.rpm
2409951 cde1432e30a483ddffcbde6d61a5d0cf

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/gnupg-1.0.7-4.i586.rpm
862981 82bd0c1c5890c1fea6a7b18fe508320d

<Turbolinux Server 6.5>

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/gnupg-1.0.7-4.src.rpm
2409951 69e46577d72aed27f3c795647a53bb9b

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/gnupg-1.0.7-4.i386.rpm
1170666 447865f5363d62abf8e5c6d8570fdb0e

<Turbolinux Server 6.1>

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/gnupg-1.0.7-4.src.rpm
2409951 2fb777b54219241b3a33c6a819bc9ca7

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/gnupg-1.0.7-4.i386.rpm
1170653 c893158b981769a827df840decf771f1

<Turbolinux Workstation 6.0>

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/gnupg-1.0.7-4.src.rpm
2409951 62b1e2c02457959368139e9d4ec3275e

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/gnupg-1.0.7-4.i386.rpm
1166583 79095cf116744d1da99fbf2607134bd9

Vendor URL:  www.gnupg.org/ (Links to External Site)
Cause:   State error
Underlying OS:  Linux (Turbo Linux)
Underlying OS Comments:  Turbolinux 10 Desktop, 8 Server, 8 Workstation, 7 Server, 7 Workstation, Server 6.5, Server 6.1, Workstation 6.0

Message History:   This archive entry is a follow-up to the message listed below.
Nov 27 2003 GnuPG ElGamal Signature Flaw May Disclose Type 20 ElGamal Private Keys to Remote Users



 Source Message Contents

Subject:  [Full-Disclosure] [TURBOLINUX SECURITY INFO] 17/Dec/2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 17/Dec/2003
============================================================

The following page contains the security information of Turbolinux Inc.

 - Turbolinux Security Center
   http://www.turbolinux.com/security/

 (1) gnupg -> GnuPG's ElGamal signing keys compromised
 (2) cvs -> CVS server to create files and directories in the file system root directory


===========================================================
* gnupg -> GnuPG's ElGamal signing keys compromised
===========================================================

 More information :
    GnuPG is a complete and free replacement for PGP. Because it does not
    use IDEA or RSA it can be used without any restrictions. GnuPG is in
    compliance with the OpenPGP specification (RFC2440).
    Phong Nguyen identified a severe bug in the way GnuPG creates and uses
    ElGamal keys for signing.  This is a significant security failure
    which can lead to a compromise of almost all ElGamal keys used for
    signing.  Note that this is a real world vulnerability which will
    reveal your private key within a few seconds.

 Impact :
    This vulnerability may allow attackers to determine the private key from a signature.

 Affected Products :
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation
    - Turbolinux Server 6.5
    - Turbolinux Server 6.1
    - Turbolinux Workstation 6.0

 Solution :
    Please use turbopkg(zabom) tool to apply the update.
 ---------------------------------------------
 # turbopkg
 or
   zabom-1.x
 # zabom update gnupg
   zabom-2.x
 # zabom -u gnupg
 ---------------------------------------------


 <Turbolinux 10 Desktop>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/gnupg-1.2.3-2.src.rpm
      3314781 4996b1e2267642d2d69d4f514cf4cad7

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/gnupg-1.2.3-2.i586.rpm
      1129596 5fd712d1411be94acc23d49f24048df7

 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/gnupg-1.0.7-4.src.rpm
      2409951 59104e12eb97ac80f0a4c9d842dfdc20

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/gnupg-1.0.7-4.i586.rpm
       885453 72a565e99ff48f8756144b8966432d8e

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/gnupg-1.0.7-4.src.rpm
      2409951 883d8e4123edbdfc87be8cd31e58e22b

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/gnupg-1.0.7-4.i586.rpm
       884696 6299e615d670554116f03a57a77534f9

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/gnupg-1.0.7-4.src.rpm
      2409951 174e7eadc938bf7deccb56deba74588d

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/gnupg-1.0.7-4.i586.rpm
       863174 eb706737ef71616bbd5e6bc5bc73a8c0

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/gnupg-1.0.7-4.src.rpm
      2409951 cde1432e30a483ddffcbde6d61a5d0cf

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/gnupg-1.0.7-4.i586.rpm
       862981 82bd0c1c5890c1fea6a7b18fe508320d

 <Turbolinux Server 6.5>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/gnupg-1.0.7-4.src.rpm
      2409951 69e46577d72aed27f3c795647a53bb9b

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/gnupg-1.0.7-4.i386.rpm
      1170666 447865f5363d62abf8e5c6d8570fdb0e

 <Turbolinux Server 6.1>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/gnupg-1.0.7-4.src.rpm
      2409951 2fb777b54219241b3a33c6a819bc9ca7

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/gnupg-1.0.7-4.i386.rpm
      1170653 c893158b981769a827df840decf771f1

 <Turbolinux Workstation 6.0>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/gnupg-1.0.7-4.src.rpm
      2409951 62b1e2c02457959368139e9d4ec3275e

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/gnupg-1.0.7-4.i386.rpm
      1166583 79095cf116744d1da99fbf2607134bd9


 References :

 [Announce] GnuPG's ElGamal signing keys compromised
   http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html

 CVE
   [CAN-2003-0971]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0971


===========================================================
* cvs -> CVS server to create files and directories in the file system root directory
===========================================================

 More information :
    CVS is a front end to the rcs(1) revision control system which extends
    the notion of revision control from a collection of files in a single
    directory to a hierarchical collection of directories consisting of
    revision controlled files. 
    A remote user can submit a specially crafted and malformed module
    request that may cause the CVS server to attempt to create directories
    and possibly files at the root of the filesystem where the CVS
    repository is located.

 Impact :
    This vulnerability may allow attackers to cause the CVS server to create directories and files
    in the file system root directory.

 Affected Products :
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation
    - Turbolinux Server 6.5
    - Turbolinux Advanced Server 6
    - Turbolinux Server 6.1
    - Turbolinux Workstation 6.0

 Solution :
    Please use turbopkg(zabom) tool to apply the update.
 ---------------------------------------------
 # turbopkg
 or
   zabom-1.x
 # zabom update cvs
   zabom-2.x
 # zabom -u cvs
 ---------------------------------------------


 <Turbolinux 10 Desktop>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/cvs-1.12.4-1.src.rpm
      2371619 be972c16222d933a1a15cb1383627681

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/cvs-1.12.4-1.i586.rpm
      1003284 ac7eb63b400fa0ab405c1cf74ff9489f

 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/cvs-1.12.4-1.src.rpm
      2371619 f34d17adbe451e3eb9bff68b3caf7d0b

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/cvs-1.12.4-1.i586.rpm
       995946 fceb8bb6eb65cb7f44a100d3af6ed42a

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/cvs-1.12.4-1.src.rpm
      2371619 5a6a21b2a288b67ba714f184a285458c

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/cvs-1.12.4-1.i586.rpm
       995877 5df89643e16fefd5183896700642a7e1

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/cvs-1.12.4-1.src.rpm
      2371619 42f33ab58a73254fc924ebfa6966b6e7

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/cvs-1.12.4-1.i586.rpm
       984262 1038e7fe32ea05e372a7c016b10f9c16

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/cvs-1.12.4-1.src.rpm
      2371619 9cb3067c409b85b97c36108574f2e82c

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/cvs-1.12.4-1.i586.rpm
       984220 77c6b4d0c386d901c121cb29235098bf

 <Turbolinux Server 6.5>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/cvs-1.12.4-1.src.rpm
      2371619 22d46f682d34c68303708c6cb80a57f8

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/cvs-1.12.4-1.i386.rpm
      1114584 982395edaaa1de0857408c1578b7e68d

 <Turbolinux Advanced Server 6>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/cvs-1.12.4-1.src.rpm
      2371619 280ae8d29a89e6bac2383b589fda256b

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/cvs-1.12.4-1.i386.rpm
      1114630 4ea6455c681420076a03aa4b04b67267

 <Turbolinux Server 6.1>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/cvs-1.12.4-1.src.rpm
      2371619 c6d9e046f5465a5262f75b9a36b74b7b

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/cvs-1.12.4-1.i386.rpm
      1114642 6c12eec4de136fea19f79cfca1013f96

 <Turbolinux Workstation 6.0>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/cvs-1.12.4-1.src.rpm
      2371619 99f636ee48c389242f343eddb0469446

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/cvs-1.12.4-1.i386.rpm
      1114681 1059f93b6385e3dbb1224912f7947f45


 References :

 CVE
   [CAN-2003-0977]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0977


 * You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.

  http://www.turbolinux.com/download/zabom.html
  http://www.turbolinux.com/download/zabomupdate.html

Package Update Path
http://www.turbolinux.com/update

============================================================
 * To obtain the public key

Here is the public key

 http://www.turbolinux.com/security/

 * To unsubscribe from the list

If you ever want to remove yourself from this mailing list,
  you can send a message to <server-users-e-ctl@turbolinux.co.jp> with
the word `unsubscribe' in the body (don't include the quotes).

unsubscribe

 * To change your email address

If you ever want to chage email address in this mailing list,
  you can send a message to <server-users-e-ctl@turbolinux.co.jp> with
the following command in the message body:

  chaddr 'old address' 'new address'

If you have any questions or problems, please contact
<supp_info@turbolinux.co.jp>

Thank you!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/3/yGK0LzjOqIJMwRAjhPAJ4otRqgnbViCAu1JRtr0akdBsOIWACeNxWC
CBUw9hFitwWpEOZ/40Bjtbg=
=awNM
-----END PGP SIGNATURE-----



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC