EnGarde Secure Linux Security Advisory: gnupg format string vulnerability | Linux Today

EnGarde Secure Linux Security Advisory: gnupg format string vulnerability

Written By
Web Webster
Web Webster
May 30, 2001
From: EnGarde Secure Linux <security@guardiandigital.com>
Subject: [ESA-20010530-01]  gnupg format string vulnerability
Date: Wed, 30 May 2001 14:54:59 -0400 (EDT)


+------------------------------------------------------------------------+
| EnGarde Secure Linux Security Advisory                    May 30, 2001 |
| http://www.engardelinux.org/                           ESA-20010530-01 |
|                                                                        |
| Package:  gnupg                                                        |
| Summary:  There is a format string vulnerability in the gnupg package. |
+------------------------------------------------------------------------+

  EnGarde Secure Linux is a secure distribution of Linux that features
  improved access control, host and network intrusion detection, Web
  based secure remote management, complete e-commerce using AllCommerce,
  and integrated open source security tools.


OVERVIEW
--------
  There is a format string vulnerability in gnupg which can allow an
  attacker to exploit a victim by sending them a malicious encrypted
  message.  The attack takes place when the victim attempts to decrypt
  this message.


DETAIL
------
  From the original advisory disclosing the bug:

    "The problem code lies in util/ttyio.c in the 'do_get' function.
     There is a call to a function called 'tty_printf' (which eventually
     results in a vfprintf call) without a constant format string:

      >     tty_printf( prompt );

     If gpg attempts to decrypt a file whose filename does not end in
     '.gpg', that filename (minus the extension) is copied to the prompt
     string, allowing a user-suppliable format string."

  An exploit does exist and all users are urged to upgrade to the latest
  version (1.0.6) immediately.


SOLUTION
--------
  All users should upgrade to the most recent version, as outlined in
  this advisory.  All updates can be found at:

    ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
    http://ftp.engardelinux.org/pub/engarde/stable/updates/

  Before upgrading the package, the machine must either:

    a) be booted into a "standard" kernel; or
    b) have LIDS disabled.

  To disable LIDS, execute the command:

    # /sbin/lidsadm -S -- -LIDS_GLOBAL

  To install the updated package, execute the command:

    # rpm -Uvh <filename>

  To re-enable LIDS (if it was disabled), execute the command:

    # /sbin/lidsadm -S -- +LIDS_GLOBAL

  To verify the signature of the updated packages, execute the command:

    # rpm -Kv <filename>


UPDATED PACKAGES
----------------

  Source Packages:

    SRPMS/gnupg-1.0.6-1.0.3.src.rpm
      MD5 Sum:  1f8f3ab71d5b4c271f4dd1b246b0e191

  Binary Packages:

    i386/gnupg-1.0.6-1.0.3.i386.rpm
      MD5 Sum:  62558d3d186cc6724ace14fab4b119e9

    i686/gnupg-1.0.6-1.0.3.i686.rpm
      MD5 Sum:  74feaca3f74deda14d78b04daa9b0319


REFERENCES
----------

  Guardian Digital's public key:
    http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY

  Credit for the discovery of this bug goes to:
    fish stiqz 

  gnupg's Official Web Site:
    http://www.gnupg.org/

  The original advisory disclosing the vulnerability:
    http://www.linuxsecurity.com/articles/cryptography_article-3083.html

Author: Ryan W. Maple,  
Copyright 2001, Guardian Digital, Inc.

Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.