Vulnerability in GnuPG allowed digital signature spoofing for decades

A vulnerability affecting GnuPG has made some of the widely used email encryption software vulnerable to digital signature spoofing for many years. The list of affected programs includes Enigmail and GPGTools.

CVE-2018-12020 digital signature spoofing

About the vulnerability (CVE-2018-12020)

CVE-2018-12020, dubbed “SigSpoof” by Marcus Brinkmann, the researcher which found it, arises from “weak design choices.”

“The signature verification routine in Enigmail, GPGTools 2018.2, and python-gnupg 0.4.2 parse the output of GnuPG 2.2.6 with a “–status-fd 2” option, which allows remote attackers to spoof arbitrary signatures via the embedded “filename” parameter in OpenPGP literal data packets, if the user has the verbose option set in their gpg.conf file,” Brinkmann explained.

“The attacker can inject arbitrary (fake) GnuPG status messages into the application parser to spoof signature verification and message decryption results. The attacker can control the key ids, algorithm specifiers, creation times and user ids, and does not need any of the private or public keys involved.”

He shared several PoCs that show the various attacks possible (signature spoof, signature and encryption spoof, signature spoof on the command line).

In collaboration with a fellow hacker, he also found a vulnerability (CVE-2018-12019) that allows a similar attack (signature spoofing) but is specific to Enigmail.

Security updates

The CVE-2018-12020 is found in GnuPG versions 0.2.2 to 2.2.7, Enigmail and older, GPGTools 2018.2 and older, and python-gnupg 0.4.2 and older.

All of these packages have now been updated, so if you’re using any of them, make sure to upgrade to the latest version available.

“Any software that calls gpg or gpgv with –status-fd 2 is potentially affected, unless it also adds –no-verbose. If you use GnuPG in your application, you should verify that you are not affected, and consider some mitigations if you are,” the researcher added, and provided guidance on possible solutions for both users and developers.

The GnuPG 2.2.8 release notes offer more information about patching and temporary mitigation.

Brinkman is worried that the vulnerability has the potential to affect a large part of our core infrastructure, as apart from being used for email security, GnuPG is also utilized to secure backups, software updates, and source code in version control systems like Git.

Don't miss