A Vulnerability in GnuPG Libgcrypt Could Allow for Arbitrary Code Execution

DESCRIPTION:
A vulnerability has been discovered in GNU Libgcrypt, which could allow
for arbitrary code execution. Libgcrypt is a generic cryptographic
library offered as part of GNU Privacy Guard (GnuPG) software suite to
provide building blocks for carrying out cryptographic tasks such as
encrypting and signing data and communications. It is shipped with most
Linux distributions including Ubuntu and Fedora. Successful exploitation
of this vulnerability could result in arbitrary code execution in the
context of the affected application. Depending on the privileges
associated with the application, an attacker could install programs;
view, change, or delete data; or create new accounts with full user
rights. Failed exploitation could result in a denial-of-service condition.

IMPACT:
A vulnerability has been discovered in GNU Libgcrypt, which could allow
for arbitrary code execution. This vulnerability is a heap buffer
overflow, which occurs due to a wrong assumption in the block buffer
management code. To trigger the bug, an attacker can send the Libgcrypt
library a block of booby-trapped data to decrypt. Once decrypted, the
application would execute the malicious shellcode. No verification or
signature check is performed that would prevent unexpected or malicious
instructions in the decrypted data from running.

SYSTEM AFFECTED:
* GnuPG Libgcrypt 1.9.0

RECOMMENDATIONS:
* Apply the patched version of Libgcrypt to vulnerable systems
immediately after appropriate testing.
* Run all software as a non-privileged user to diminish the effects of
a successful attack.
* Verify that no unauthorized system modifications have occurred on the
system before applying the patch.
* Apply the Principle of Least Privilege to all systems and services.
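
A check supporting the first recommendation, added here as an example (not code from the advisory or the Libgcrypt project): it flags version strings matching the affected 1.9.0 release, reads the installed library's version through `gcry_check_version`, and lists libgcrypt files that a process still maps after they were replaced on disk. The helper names and the sample `/proc/<pid>/maps` text are constructed for illustration.

```python
import ctypes
import ctypes.util
import re

AFFECTED = {(1, 9, 0)}  # the advisory lists GnuPG Libgcrypt 1.9.0
# Constructed /proc/<pid>/maps excerpt (paths and addresses are made up).
SAMPLE_MAPS = """\
7f3a10000000-7f3a1000d000 r--p 00000000 fd:01 131201   /usr/lib64/libgcrypt.so.20 (deleted)
7f3a1000d000-7f3a100f1000 r-xp 0000d000 fd:01 131201   /usr/lib64/libgcrypt.so.20 (deleted)
7f3a10200000-7f3a10222000 r--p 00000000 fd:01 131455   /usr/lib64/libc.so.6
"""

def upstream_version(text):
    """(major, minor, micro) from '1.9.0', '1.9.0-1.fc34' or '1:1.9.0-2';
    None if the string does not start with a three-part version."""
    m = re.match(r"\s*(?:\d+:)?(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(g) for g in m.groups()) if m else None

def is_affected(text):
    # A match means "review": a vendor build may carry a backported fix.
    return upstream_version(text) in AFFECTED

def loaded_libgcrypt_version():
    """Version string of the libgcrypt the loader resolves, or None."""
    name = ctypes.util.find_library("gcrypt")
    if name is None:
        return None
    try:
        lib = ctypes.CDLL(name)
    except OSError:
        return None
    lib.gcry_check_version.restype = ctypes.c_char_p
    lib.gcry_check_version.argtypes = [ctypes.c_char_p]
    return lib.gcry_check_version(None).decode()  # NULL = just report version

def stale_libgcrypt_mappings(maps_text):
    """libgcrypt files still mapped although replaced on disk ('(deleted)'):
    the process keeps running pre-upgrade code until it is restarted."""
    stale = set()
    for line in maps_text.splitlines():
        fields = line.rstrip().split(None, 5)
        if len(fields) == 6 and "libgcrypt.so" in fields[5]:
            if fields[5].endswith(" (deleted)"):
                stale.add(fields[5][: -len(" (deleted)")])
    return sorted(stale)

if __name__ == "__main__":
    ver = loaded_libgcrypt_version()
    print("installed:", ver, "affected:", bool(ver) and is_affected(ver))
    print("stale in sample:", stale_libgcrypt_mappings(SAMPLE_MAPS))
```

On a live host, pass the contents of each `/proc/<pid>/maps` file to `stale_libgcrypt_mappings` after upgrading and restart any process it reports.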

REFERENCES:
https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html
https://dev.gnupg.org/T5275
https://www.gnu.org/software/libgcrypt/
https://dev.gnupg.org/T5259
