ID CVE-2018-12020
Summary mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.
CVSS
Base: None
Impact:
Exploitability:
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4223.NASL
    description Marcus Brinkmann discovered that GnuPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email. Details can be found in the upstream advisory at https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html
    last seen 2018-06-12
    modified 2018-06-11
    plugin id 110422
    published 2018-06-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110422
    title Debian DSA-4223-1 : gnupg1 - security update
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4224.NASL
    description Marcus Brinkmann discovered that GnuPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email. Details can be found in the upstream advisory at https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html
    last seen 2018-06-12
    modified 2018-06-11
    plugin id 110423
    published 2018-06-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110423
    title Debian DSA-4224-1 : gnupg - security update
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_7DA0417F6B2411E884CC002590ACAE31.NASL
    description GnuPG reports: GnuPG did not sanitize input file names, which may then be output to the terminal. This could allow terminal control sequences or fake status messages to be injected into the output.
    last seen 2018-06-14
    modified 2018-06-13
    plugin id 110430
    published 2018-06-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110430
    title FreeBSD : gnupg -- unsanitized output (CVE-2018-12020) (7da0417f-6b24-11e8-84cc-002590acae31)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3675-1.NASL
    description Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the status of the cryptographic operation reported by GnuPG. (CVE-2018-12020) Lance Vick discovered that GnuPG did not enforce configurations where key certification required an offline master Certify key. An attacker with access to a signing subkey could generate certifications that appeared to be valid. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-9234). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-06-13
    modified 2018-06-12
    plugin id 110475
    published 2018-06-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110475
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : gnupg, gnupg2 vulnerabilities (USN-3675-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4222.NASL
    description Marcus Brinkmann discovered that GnuPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email. Details can be found in the upstream advisory at https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html
    last seen 2018-06-12
    modified 2018-06-11
    plugin id 110421
    published 2018-06-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110421
    title Debian DSA-4222-1 : gnupg2 - security update
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2018-159-01.NASL
    description New gnupg2 packages are available for Slackware 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
    last seen 2018-06-12
    modified 2018-06-11
    plugin id 110432
    published 2018-06-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110432
    title Slackware 13.37 / 14.0 / 14.1 / 14.2 / current : gnupg2 (SSA:2018-159-01)
refmap via4
bid 104450
debian
  • DSA-4222
  • DSA-4223
  • DSA-4224
sectrack 1041051
ubuntu USN-3675-1
Last major update 08-06-2018 - 17:29
Published 08-06-2018 - 17:29
Last modified 15-06-2018 - 21:29