
Re: golang-go.crypto / CVE-2019-11841
Brian May <brian@linuxpenguins.xyz> writes:

> My attempts to run the reproducer program have not been successful, as
> *none* of the signatures validate. Not even the known good case.

I worked it out. The source had:

  -----BEGIN PGP PUBLIC KEY BLOCK-----
  mQENBFyeB6MBCAC+X0+7sQkrpg4zjQGj9NQSwPvDV5JjWxIXpf1n+mtrZewO8RvR

But we really need a newline between these two lines.

I created a reproducer for this for various Debian versions using
Docker: https://salsa.debian.org/bam/cve-2019-11841

As per the note in the security tracker:

   https://go.googlesource.com/crypto/+/c05e17bb3b2dca130fc919668a96b4bec9eb9442
   Patch fixes the second part of the CVE ("prepend arbitrary text")
   but not the first ("ignores the value of [the Hash] header"), as hinted at reporter's 2019-05-09 note:
   https://packetstormsecurity.com/files/152840/Go-Cryptography-Libraries-Cleartext-Message-Spoofing.html

When I run my script I get the following output:

=== cut ===
Testing debian:stretch
Sending build context to Docker daemon  78.85kB
Step 1/6 : ARG IMAGE
Step 2/6 : FROM ${IMAGE:-debian:bullseye}
 ---> 6d935b41319b
Step 3/6 : RUN apt-get update  && apt-get install -y     golang     golang-golang-x-crypto-dev  && rm -rf /var/lib/apt/lists/*
 ---> Using cache
 ---> 59138999d865
Step 4/6 : WORKDIR /opt
 ---> Using cache
 ---> 0d3cd2502ca0
Step 5/6 : COPY sig_spoof.go .
 ---> Using cache
 ---> fca2fb7cdbb9
Step 6/6 : CMD GOPATH=/usr/share/gocode/ go run sig_spoof.go
 ---> Using cache
 ---> d1abe6a096eb
Successfully built d1abe6a096eb
Successfully tagged cve-2019-11841:debian_stretch
Verifying not tampered...
Signature accepted!

Verifying spoofed hash...
Signature accepted!

Verifying spoofed cleartext...
Signature accepted!

Testing debian:buster
Sending build context to Docker daemon  78.85kB
Step 1/6 : ARG IMAGE
Step 2/6 : FROM ${IMAGE:-debian:bullseye}
 ---> ee11c54e6bb7
Step 3/6 : RUN apt-get update  && apt-get install -y     golang     golang-golang-x-crypto-dev  && rm -rf /var/lib/apt/lists/*
 ---> Using cache
 ---> 58c133d72716
Step 4/6 : WORKDIR /opt
 ---> Using cache
 ---> 4d0b655f72c4
Step 5/6 : COPY sig_spoof.go .
 ---> Using cache
 ---> 58ddeb727942
Step 6/6 : CMD GOPATH=/usr/share/gocode/ go run sig_spoof.go
 ---> Using cache
 ---> c08127a525a3
Successfully built c08127a525a3
Successfully tagged cve-2019-11841:debian_buster
Verifying not tampered...
Signature accepted!

Verifying spoofed hash...
Signature accepted!

Verifying spoofed cleartext...
Signature accepted!

Testing debian:bullseye
Sending build context to Docker daemon  78.85kB
Step 1/6 : ARG IMAGE
Step 2/6 : FROM ${IMAGE:-debian:bullseye}
 ---> 0622e5011273
Step 3/6 : RUN apt-get update  && apt-get install -y     golang     golang-golang-x-crypto-dev  && rm -rf /var/lib/apt/lists/*
 ---> Using cache
 ---> 62064fd7dc75
Step 4/6 : WORKDIR /opt
 ---> Using cache
 ---> 62ad4e1fc354
Step 5/6 : COPY sig_spoof.go .
 ---> Using cache
 ---> 57f8ae6b45ef
Step 6/6 : CMD GOPATH=/usr/share/gocode/ go run sig_spoof.go
 ---> Using cache
 ---> 7297eba7a4b6
Successfully built 7297eba7a4b6
Successfully tagged cve-2019-11841:debian_bullseye
Verifying not tampered...
Signature accepted!

Verifying spoofed hash...
Signature accepted!

Verifying spoofed cleartext...
No clearsign text found
Done
=== cut ===

All of the distributions fail (as in the last two tests pass when they
should not), but bullseye at least fixes one of the failures. So it
looks like this was incorrectly marked as fixed (note bullseye and sid
have the same version of this package).
-- 
Brian May <bam@debian.org>
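Added example, not Brian's sig_spoof.go reproducer and not code from golang.org/x/crypto: a minimal Go parser that performs the two structural checks the thread is about, rejecting unsigned text placed before the "-----BEGIN PGP SIGNED MESSAGE-----" line (the "prepend arbitrary text" half of the CVE) and rejecting a "Hash:" armor header that does not name the algorithm recorded in the signature packet (the "ignores the value of the Hash header" half). The signature packet produced by buildSample is a constructed stub with valid OpenPGP framing and meaningless signature bytes; Parse reads only the packet header fields and does not verify any signature, so a real verifier still needs an OpenPGP library for the cryptographic step. Function and type names (Parse, ClearSigned, buildSample, signatureHashAlgo) are this example's own.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// OpenPGP hash algorithm IDs (RFC 4880 section 9.4) and the names they carry
// in a clearsign "Hash:" armor header.
var hashNames = map[byte]string{
	1: "MD5", 2: "SHA1", 3: "RIPEMD160",
	8: "SHA256", 9: "SHA384", 10: "SHA512", 11: "SHA224",
}

const (
	beginMsg = "-----BEGIN PGP SIGNED MESSAGE-----"
	beginSig = "-----BEGIN PGP SIGNATURE-----"
	endSig   = "-----END PGP SIGNATURE-----"
)

var (
	ErrNoClearsign  = errors.New("clearsign: no signed message found")
	ErrLeadingText  = errors.New("clearsign: unsigned text precedes the BEGIN PGP SIGNED MESSAGE line")
	ErrHashMismatch = errors.New("clearsign: Hash header does not name the algorithm used by the signature")
	ErrBadPacket    = errors.New("clearsign: malformed or unsupported signature packet")
)

// ClearSigned holds what the structural checks need. It carries no key
// material: Parse does NOT verify the signature value itself.
type ClearSigned struct {
	DeclaredHashes []string // from the Hash: header; RFC 4880 default is MD5 when absent
	Text           string   // dash-unescaped cleartext
	SigHashAlgo    byte     // hash algorithm ID read from the signature packet
}

// Parse applies the two checks a clearsign verifier must make before (not
// instead of) cryptographic verification: the armor must start on the very
// first line, and the Hash header must agree with the signature packet.
// On ErrHashMismatch the parsed structure is returned alongside the error
// so a caller can log what was declared versus what was used.
func Parse(msg []byte) (*ClearSigned, error) {
	lines := strings.Split(strings.ReplaceAll(string(msg), "\r\n", "\n"), "\n")
	if lines[0] != beginMsg {
		for _, l := range lines {
			if l == beginMsg {
				return nil, ErrLeadingText // text before the armor was never signed
			}
		}
		return nil, ErrNoClearsign
	}
	cs := &ClearSigned{DeclaredHashes: []string{"MD5"}}
	i := 1
	for ; i < len(lines) && lines[i] != ""; i++ { // armor headers up to the blank line
		if strings.HasPrefix(lines[i], "Hash:") {
			cs.DeclaredHashes = nil
			for _, h := range strings.Split(strings.TrimPrefix(lines[i], "Hash:"), ",") {
				cs.DeclaredHashes = append(cs.DeclaredHashes, strings.TrimSpace(h))
			}
		}
	}
	var text []string
	for i++; i < len(lines) && lines[i] != beginSig; i++ { // cleartext, "- " dash-escape removed
		text = append(text, strings.TrimPrefix(lines[i], "- "))
	}
	if i >= len(lines) {
		return nil, ErrNoClearsign
	}
	cs.Text = strings.Join(text, "\n")
	for i++; i < len(lines) && lines[i] != ""; i++ { // signature armor headers
	}
	var b64 strings.Builder
	for i++; i < len(lines) && lines[i] != endSig; i++ { // base64 body; "=XXXX" is the CRC-24 line
		if !strings.HasPrefix(lines[i], "=") {
			b64.WriteString(lines[i])
		}
	}
	if i >= len(lines) {
		return nil, ErrNoClearsign
	}
	raw, err := base64.StdEncoding.DecodeString(b64.String())
	if err != nil {
		return nil, fmt.Errorf("%w: %v", ErrBadPacket, err)
	}
	if cs.SigHashAlgo, err = signatureHashAlgo(raw); err != nil {
		return nil, err
	}
	name, known := hashNames[cs.SigHashAlgo]
	if !known {
		return nil, ErrBadPacket
	}
	for _, h := range cs.DeclaredHashes {
		if strings.EqualFold(h, name) {
			return cs, nil
		}
	}
	return cs, ErrHashMismatch
}

// signatureHashAlgo reads the hash algorithm ID from a version 4 signature
// packet (tag 2) in old-format framing, RFC 4880 sections 4.2 and 5.2.3:
// body = version, signature type, public-key algorithm, hash algorithm, ...
func signatureHashAlgo(pkt []byte) (byte, error) {
	if len(pkt) < 2 || pkt[0]&0xC0 != 0x80 || (pkt[0]>>2)&0x0F != 2 {
		return 0, ErrBadPacket // new-format packets and other tags are not handled here
	}
	var hdrLen int
	switch pkt[0] & 0x03 { // old-format length-type bits: 1-, 2- or 4-byte length
	case 0:
		hdrLen = 2
	case 1:
		hdrLen = 3
	case 2:
		hdrLen = 5
	default:
		return 0, ErrBadPacket // indeterminate length
	}
	if len(pkt) < hdrLen+4 || pkt[hdrLen] != 4 {
		return 0, ErrBadPacket // v3 signatures lay the fields out differently
	}
	return pkt[hdrLen+3], nil
}

// buildSample constructs (test data, not a real signature) a clearsigned
// message around a STUB v4 signature packet: valid framing, meaningless bytes.
func buildSample(prefix, hashHeader string, algo byte) []byte {
	body := []byte{4, 0x01, 1, algo, 0, 0, 0, 0, 0xab, 0xcd} // v4, text sig, RSA, algo, no subpackets, left16
	pkt := append([]byte{0x88, byte(len(body))}, body...)   // old-format tag 2, 1-byte length
	var b bytes.Buffer
	b.WriteString(prefix + beginMsg + "\n")
	if hashHeader != "" {
		b.WriteString("Hash: " + hashHeader + "\n")
	}
	b.WriteString("\nHello, world\n- -- signed footer\n" + beginSig + "\n\n")
	b.WriteString(base64.StdEncoding.EncodeToString(pkt) + "\n" + endSig + "\n")
	return b.Bytes()
}

func main() {
	for name, msg := range map[string][]byte{
		"genuine":        buildSample("", "SHA256", 8),
		"spoofed Hash":   buildSample("", "SHA512", 8),
		"prepended text": buildSample("This line was never signed.\n", "SHA256", 8),
	} {
		_, err := Parse(msg)
		fmt.Printf("%-15s -> %v\n", name, err)
	}
}
```

The two rejected cases in main correspond to the "spoofed hash" and "spoofed cleartext" tests in the Docker output above; the genuine message is accepted. Only the cleartext the parser returns should ever be shown to a user, never the raw input, since anything outside the armor is by definition unsigned.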

