{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2018-016.pdf"
    },
    "title": "Signature Spoofing Vulnerability in GnuPG",
    "serial_number": "2018-016",
    "publish_date": "15-06-2018 12:27:00",
    "description": "On 13th of June 2018, Marcus Brinkmann released technical details concerning a vulnerability impacting GnuPG and most applications based on GnuPG (Enigmail, GPGTools, python-gnupg, etc.) [1]. This vulnerability can be exploited by a remote attacker to spoof signatures on signed or encrypted messages. The vulnerability has been named SigSpoof.<br><br>To exploit the vulnerability, the verbose option needs to be enabled on the GnuPG side (via the configuration file or via a command line parameter). A successful exploitation allows the attacker to spoof signature verification and message decryption results. Concerning Enigmail, exploitation does not even need the message to be encrypted (encryption is spoofed as well).",
    "url_title": "2018-016",
    "content_markdown": "---\ntitle: 'Signature Spoofing Vulnerability\u00a0in\u00a0GnuPG'\nversion: '1.0'\nnumber: '2018-016'\ndate: 'June 15, 2018'\n---\n\n_History:_\n\n* _15/06/2018 --- v1.0: Initial publication_\n\n# Summary\n\nOn 13th of June 2018, Marcus Brinkmann released technical details concerning a vulnerability impacting GnuPG and most applications based on GnuPG (Enigmail, GPGTools, python-gnupg, etc.) [1]. This vulnerability can be exploited by a remote attacker to spoof signatures on signed or encrypted messages. The vulnerability has been named __SigSpoof__.\n\nTo exploit the vulnerability, the `verbose` option needs to be enabled on the GnuPG side (via the configuration file or via a command line parameter). A successful exploitation allows the attacker to spoof signature verification and message decryption results. Concerning Enigmail, exploitation does not even need the message to be encrypted (encryption is spoofed as well).\n\n# Technical Details\n\nThe __SigSpoof__ vulnerability exploits two design choices in GnuPG and its front ends:\n\n * some applications call GnuPG with `--status-fd 2`, which combines `stderr` (human-readable log messages) and the machine-readable status messages in a single data pipe. The applications then rely on the `[GNUPG:] ` line prefix to tell status lines from log lines,\n * GnuPG, with `verbose` enabled, prints the original file name stored in the literal data packet of the message to `stderr` without escaping newline (or other control) characters. That file name is chosen by whoever built the message, i.e. by the attacker.\n\nBy combining these flaws, the attacker can embed a newline followed by fake status lines (for example a `[GNUPG:] GOODSIG` line) in the file name and thereby inject arbitrary GnuPG status messages into the application parser to spoof signature verification and message decryption results.\n\n
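
The injection described above, as an added example that is not CERT-EU's, GnuPG's or any front end's code: a Python simulation of a front end that parses a combined `--status-fd 2` stream with a line-prefix parser. The gpg output, key ID, fingerprint and user ID are constructed placeholders (no real gpg is run), and `sanitize_filename` illustrates the principle behind the GnuPG fix (never let a raw control character from the file name reach `stderr`) rather than GnuPG's exact escaping code. The third scenario shows the structural fix on the application side: reading status messages from a dedicated descriptor so that log lines cannot masquerade as status lines.

```python
# Added example (not CERT-EU or GnuPG code): simulation of the SigSpoof
# status-line injection (CVE-2018-12020).  All gpg output below is
# CONSTRUCTED to have the shape of `gpg --decrypt --verbose --status-fd 2`
# output; key IDs, fingerprints and user IDs are placeholders.
STATUS_PREFIX = '[GNUPG:] '

# Genuine status lines for an encrypted but UNSIGNED message (constructed).
GENUINE_STATUS = [
    'ENC_TO 0123456789ABCDEF 1 0',
    'BEGIN_DECRYPTION',
    'DECRYPTION_OKAY',
    'END_DECRYPTION',
]


def sanitize_filename(name):
    '''Escape every byte outside printable ASCII (and '%' itself) as %XX,
    so a newline inside the name can never start a new line on stderr.
    Illustrates the principle of the GnuPG >= 2.2.8 / 1.4.23 fix, not its code.'''
    out = []
    for b in name.encode('utf-8'):
        if 0x20 <= b < 0x7F and b != 0x25:
            out.append(chr(b))
        else:
            out.append('%%%02X' % b)
    return ''.join(out)


def fake_gpg_streams(original_filename, sanitize=False):
    '''Return (combined_stderr, status_fd_only) for the constructed run.

    combined_stderr mimics `--status-fd 2`: verbose log lines and status
    lines interleaved on one pipe.  status_fd_only mimics `--status-fd N`
    with N a dedicated pipe: only status lines, so the verbose line carrying
    the attacker-controlled file name never reaches it.'''
    name = sanitize_filename(original_filename) if sanitize else original_filename
    status_lines = [STATUS_PREFIX + s for s in GENUINE_STATUS]
    combined = [
        'gpg: encrypted with 2048-bit RSA key, ID 0123456789ABCDEF',
        status_lines[0],
        status_lines[1],
        "gpg: original file name='" + name + "'",   # the injection point
        status_lines[2],
        status_lines[3],
    ]
    return '\n'.join(combined) + '\n', '\n'.join(status_lines) + '\n'


def parse_status(stream):
    '''Prefix-based parser in the style of affected front ends: every line
    starting with "[GNUPG:] " is taken as a trustworthy status message.'''
    parsed = []
    for line in stream.split('\n'):
        if line.startswith(STATUS_PREFIX):
            keyword, _, args = line[len(STATUS_PREFIX):].partition(' ')
            parsed.append((keyword, args))
    return parsed


def signature_verdict(parsed):
    '''What the front end would display for the signature.'''
    for keyword, args in parsed:
        if keyword == 'GOODSIG':
            # GOODSIG <long key id> <user id>
            return 'good signature from ' + args.split(' ', 1)[1]
    return 'no signature'


# Constructed attacker file name: closes the quote, injects status lines
# claiming a valid signature from a key the attacker does not hold, then
# re-opens a plausible log line so the trailing quote looks natural.
ATTACKER_FILENAME = (
    "x'\n"
    '[GNUPG:] GOODSIG FEDCBA9876543210 Alice Example <alice@example.org>\n'
    '[GNUPG:] VALIDSIG 1111222233334444555566667777888899990000 2018-06-13 '
    '1528876800 0 4 0 1 8 00 1111222233334444555566667777888899990000\n'
    '[GNUPG:] TRUST_FULLY 0 pgp\n'
    "gpg: original file name='x"
)


def run_scenarios():
    '''Verdict per scenario: vulnerable, patched gpg, hardened front end.'''
    combined, status_only = fake_gpg_streams(ATTACKER_FILENAME)
    combined_fixed, _ = fake_gpg_streams(ATTACKER_FILENAME, sanitize=True)
    return {
        'vulnerable: --status-fd 2 + verbose': signature_verdict(parse_status(combined)),
        'patched gpg: file name escaped': signature_verdict(parse_status(combined_fixed)),
        'dedicated status fd': signature_verdict(parse_status(status_only)),
    }


if __name__ == '__main__':
    for scenario, verdict in run_scenarios().items():
        print(scenario + ' -> ' + verdict)
```

Only the first scenario yields a "good signature" verdict; escaping the file name or separating the status channel both leave the parser with the genuine, signature-free status lines, which is why the workarounds below target exactly those two points.
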
The attacker can control the key IDs, algorithm specifiers, creation times and user IDs shown in the spoofed status lines, and does not need any of the private or public keys involved.\n\nA CVE was assigned to the vulnerability:\n\n * CVE-2018-12020 [2]\n\n# Products Affected\n\nKnown affected products are:\n\n * GnuPG 2.x before 2.2.8 and GnuPG 1.4.x before 1.4.23\n * Enigmail before 2.0.7\n * GPGTools before 2018.3\n\nOther applications relying on GnuPG may also be affected.\n\n# Recommendations\n\n* Upgrade to GnuPG 2.2.8 or GnuPG 1.4.23\n* Upgrade to Enigmail 2.0.7\n* Upgrade to GPGTools 2018.3\n\n## Workarounds\n\nIt is highly recommended to disable the `verbose` option (remove it from `gpg.conf` or pass `--no-verbose`) in all invocations of GPG. Applications that parse GnuPG status messages should additionally read them from a dedicated file descriptor (`--status-fd` pointing to a separate pipe) rather than sharing `stderr` with the log output.\n\n\n# References\n\n[1] <https://neopg.io/blog/gpg-signature-spoof/#proof-of-concept-ii-signature-and-encryption-spoof-enigmail>\n\n[2] <https://www.cvedetails.com/cve/CVE-2018-12020>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>15/06/2018 --- v1.0: Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On 13th of June 2018, Marcus Brinkmann released technical details concerning a vulnerability impacting GnuPG and most applications based on GnuPG (Enigmail, GPGTools, python-gnupg, etc.) [1]. This vulnerability can be exploited by a remote attacker to spoof signatures on signed or encrypted messages. The vulnerability has been named <strong>SigSpoof</strong>.</p><p>To exploit the vulnerability, the <code>verbose</code> option needs to be enabled on the GnuPG side (via the configuration file or via a command line parameter). A successful exploitation allows the attacker to spoof signature verification and message decryption results. Concerning Enigmail, exploitation does not even need the message to be encrypted (encryption is spoofed as well).</p><h2 id=\"technical-details\">Technical Details</h2><p>The <strong>SigSpoof</strong> vulnerability exploits two design choices in GnuPG and its front ends:</p><ul><li>some applications call GnuPG with <code>--status-fd 2</code>, which combines <code>stderr</code> (human-readable log messages) and the machine-readable status messages in a single data pipe. The applications then rely on the <code>[GNUPG:] </code> line prefix to tell status lines from log lines,</li><li>GnuPG, with <code>verbose</code> enabled, prints the original file name stored in the literal data packet of the message to <code>stderr</code> without escaping newline (or other control) characters. That file name is chosen by whoever built the message, i.e. by the attacker.</li></ul><p>By combining these flaws, the attacker can embed a newline followed by fake status lines (for example a <code>[GNUPG:] GOODSIG</code> line) in the file name and thereby inject arbitrary GnuPG status messages into the application parser to spoof signature verification and message decryption results. The attacker can control the key IDs, algorithm specifiers, creation times and user IDs shown in the spoofed status lines, and does not need any of the private or public keys involved.</p><p>A CVE was assigned to the vulnerability:</p><ul><li>CVE-2018-12020 [2]</li></ul><h2 id=\"products-affected\">Products Affected</h2><p>Known affected products are:</p><ul><li>GnuPG 2.x before 2.2.8 and GnuPG 1.4.x before 1.4.23</li><li>Enigmail before 2.0.7</li><li>GPGTools before 2018.3</li></ul><p>Other applications relying on GnuPG may also be affected.</p><h2 id=\"recommendations\">Recommendations</h2><ul><li>Upgrade to GnuPG 2.2.8 or GnuPG 1.4.23</li><li>Upgrade to Enigmail 2.0.7</li><li>Upgrade to GPGTools 2018.3</li></ul><h3 id=\"workarounds\">Workarounds</h3><p>It is highly recommended to disable the <code>verbose</code> option (remove it from <code>gpg.conf</code> or pass <code>--no-verbose</code>) in all invocations of GPG. Applications that parse GnuPG status messages should additionally read them from a dedicated file descriptor (<code>--status-fd</code> pointing to a separate pipe) rather than sharing <code>stderr</code> with the log output.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://neopg.io/blog/gpg-signature-spoof/#proof-of-concept-ii-signature-and-encryption-spoof-enigmail\">https://neopg.io/blog/gpg-signature-spoof/#proof-of-concept-ii-signature-and-encryption-spoof-enigmail</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.cvedetails.com/cve/CVE-2018-12020\">https://www.cvedetails.com/cve/CVE-2018-12020</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}