Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 03 Jun 2011 18:21:23 +0200
From: Jan Lieskovsky <>
To: "Steven M. Christey" <>
CC: oss-security <>,
        Bernhard Reiter <>,
        Tomas Mraz <>
Subject: CVE Request / Discussion -- dirmngr -- Improper dealing with blocking
 system calls, when verifying a certificate

Hello, Josh, Steve, Bernhard, vendors,

   based on:
       (upstream bug report)
       (public PoC)
       (relevant upstream patch)

it concluded:

"Dirmngr, server/client tool for managing and downloading CRLS, used
user land threads implementation (Pth) for wrapping up of system calls,
that may potentially block. A remote attacker could use this flaw to
cause a hang of an end-user application, relying of the proper services
of the dirmngr daemon, via a request to verify a specially-crafted

But simultaneously with filling that Red Hat Bugzilla issue tracking
system entry performed some basic investigation, results of which can
be seen at:

IOW was not able to reproduce the complete / indefinite dirmngr-client
hang (thus blocking other clients from access). As noted in [6], it
is true that during small time period running 'dirmngr' daemon instance
is unresponsive also for '--ping' (dirmngr-client --ping) commands, but
after finite time (~21 seconds in my test) the connection ends up with

Though Bernard in:

mentions "For example the KMail hung when trying to verify a signature
which has the certificate in the chain." which would suggest there may
exist clients / end-user application not able to recover from this bug
properly. Bernhard, hopefully here, you could clarify / list such
applications and provide also time details, how long that hang of such
applications took.

Based on your reply, this may not / may be worthy (in case there are
such end-user applications) of an CVE identifier.

Thank you & Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ