tags 402592 -security
thanks

On Mon, Dec 11, 2006 at 04:12:37PM +0100, Helmut Grohne wrote:
> Package: gnupg
> Version: 1.4.6-1
> Severity: important
> Tags: security
> Justification: remote dos
> 
> I somehow found this signature (which seems to be too large to append to
> a mail):
> http://subdivi.de/~helmut/gpg-outofmemory.sig
> 
> Running gpg --verify gpg-outofmemory.sig will cause gpg try to allocate
> over 1G of memory. I consider this to be a denial of service attack as
> the file could cause gpg allocate up to 4G of memory which could cause
> the Linux kernel to OOM kill arbitrary applications which might cause
> data loss. gpg is used with software like mutt to automatically verify
> signatures, so the user might not know what the bad signature does.

I haven't looked at the verification code; it might be that it's triggering
an algorithmic corner case inside the verification algorithm. CCing Werner
for clarification.

However, this doesn't constitute a security problem, as the user can still
abort it; especially when the system becomes slower as soon as the swapping
kicks in. Plus, the scoring of Linux's VM will make it extremely unlikely that
unrelated processes will be OOMed instead of gnupg.

Cheers,
        Moritz
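As a defensive illustration of the memory-exhaustion concern in the report (an added example, not part of this bug thread or of GnuPG's code): run the verification in a child process with a hard address-space cap, so an oversized signature fails with ENOMEM inside gpg instead of driving the host into swap or the kernel's OOM killer. The wrapper names and the 256 MiB ceiling are assumptions; it assumes Linux, where RLIMIT_AS is enforced.

```python
import resource
import subprocess
import sys


def run_with_address_space_limit(argv, max_bytes):
    """Run argv in a child whose virtual address space is capped at max_bytes.

    A runaway allocation (such as the oversized signature in the report)
    then fails with ENOMEM inside the child instead of pushing the host
    into swap or the kernel's OOM killer. Returns (returncode, stderr).
    """
    def _apply_limit():
        # Runs in the child between fork() and exec(), so only the
        # verifying process is constrained, never the caller.
        resource.setrlimit(resource.RLIMIT_AS, (max_bytes, max_bytes))

    proc = subprocess.run(argv, capture_output=True, preexec_fn=_apply_limit)
    return proc.returncode, proc.stderr.decode(errors="replace")


def verify_signature_bounded(sig_path, max_bytes=256 * 1024 * 1024):
    """Hypothetical wrapper around the 'gpg --verify' call from the report.

    --batch stops gpg from prompting; the 256 MiB default is a constructed
    ceiling, far above normal gpg usage but well below the >1G observed.
    """
    argv = ["gpg", "--batch", "--verify", sig_path]
    return run_with_address_space_limit(argv, max_bytes)


def allocation_fails_under_limit(max_bytes, try_bytes):
    """Self-check that needs no gpg: a child interpreter tries to allocate
    try_bytes under a max_bytes cap. True if the child failed (non-zero
    exit from MemoryError), False if the allocation went through."""
    code = "import sys; b = bytearray(%d); sys.exit(0)" % try_bytes
    rc, _ = run_with_address_space_limit([sys.executable, "-c", code], max_bytes)
    return rc != 0


if __name__ == "__main__":
    cap = 1024 ** 3  # 1 GiB cap for the self-check
    print("2 GiB allocation blocked:", allocation_fails_under_limit(cap, 2 * 1024 ** 3))
    print("64 MiB allocation allowed:", not allocation_fails_under_limit(cap, 64 * 1024 ** 2))
```

The same cap can be applied from a shell with `ulimit -v` before invoking gpg, which is what a mail client calling gpg for automatic verification would want.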

