Google Discloses Severe Bug in Libgcrypt Encryption Library—Impacting Many Projects

Feb 1, 2021


A “severe” vulnerability in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption software could have allowed an attacker to write arbitrary data to the target machine, potentially leading to remote code execution.

 

 

 
  

The flaw, which affects version 1.9.0 of libgcrypt, was discovered on January 28 by Tavis Ormandy of Project Zero, a security research unit within Google dedicated to finding zero-day bugs in hardware and software systems.

No other versions of Libgcrypt are affected by the vulnerability.

“There is a heap buffer overflow in libgcrypt due to an incorrect assumption in the block buffer management code,” Ormandy said. “Just decrypting some data can overflow a heap buffer with attacker controlled data, no verification or signature is validated before the vulnerability occurs.”

GnuPG addressed the weakness within a day of disclosure, while urging users to stop using the vulnerable version. The latest version is available for download.

 

 

 


 

The Libgcrypt library is an open-source cryptographic toolkit offered as part of the GnuPG software suite to encrypt and sign data and communications. An implementation of OpenPGP, it’s used for digital security in many Linux distributions such as Fedora and Gentoo, although it isn’t as widely used as OpenSSL or LibreSSL.

According to GnuPG, the bug appears to have been introduced in 1.9.0 during its development phase two years ago as part of a change to “reduce overhead on generic hash write function,” but it was only spotted last week by Google Project Zero.

 


 

All an attacker needs to do to trigger this critical flaw is send the library a block of specially crafted data to decrypt, tricking the application into running an arbitrary fragment of malicious code embedded in it (aka shellcode) or crashing a program (in this case, gpg) that relies on the Libgcrypt library.

“Exploiting this bug is simple and thus immediate action for 1.9.0 users is required,” Libgcrypt author Werner Koch noted. “The 1.9.0 tarballs on our FTP server have been renamed so that scripts won’t be able to get this version anymore.”
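Because only version 1.9.0 is affected, a version inventory tells you which hosts need action. The following Python is an added example, not code from GnuPG or from the original article: it asks the locally installed library for its version through libgcrypt's `gcry_check_version` call and flags 1.9.0 in package-inventory lines. The helper names and the sample inventory are constructed for illustration.

```python
import ctypes
import ctypes.util
import re

AFFECTED = (1, 9, 0)  # the only affected release, per the article

# Constructed sample inventory lines (host, package string); not real data.
SAMPLE_INVENTORY = [
    "web01 libgcrypt20 1.8.7-2",
    "build03 libgcrypt-1.9.0-1.fc34.x86_64",
    "dev07 libgcrypt20 1:1.9.0-2",
    "db02 libgcrypt 1.9.1",
]

def upstream_version(text):
    """Return the upstream (major, minor, patch) found in a version or
    package string, ignoring a Debian-style epoch ("1:") and any distro
    revision suffix ("-1.fc34"). Returns None if no x.y.z is present."""
    m = re.search(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?![\d.])", text)
    return tuple(int(g) for g in m.groups()) if m else None

def is_affected(text):
    # Exact match only: 1.8.x, 1.9.1 and 1.10.x must not be flagged.
    return upstream_version(text) == AFFECTED

def flagged(lines):
    """Inventory lines whose upstream version is 1.9.0. Assumption: a
    distro build numbered 1.9.0 may carry a backported fix, so treat a
    hit as 'needs review', not as proof of exposure."""
    return [line for line in lines if is_affected(line)]

def loaded_libgcrypt_version():
    """Version string of the libgcrypt the dynamic loader resolves on
    this host, or None if the library is not installed."""
    path = ctypes.util.find_library("gcrypt")
    if path is None:
        return None
    try:
        lib = ctypes.CDLL(path)
        lib.gcry_check_version.restype = ctypes.c_char_p
        lib.gcry_check_version.argtypes = [ctypes.c_char_p]
        return lib.gcry_check_version(None).decode()  # NULL: report version
    except (OSError, AttributeError):
        return None

if __name__ == "__main__":
    local = loaded_libgcrypt_version()
    print("local libgcrypt:", local, "AFFECTED" if local and is_affected(local) else "")
    for line in flagged(SAMPLE_INVENTORY):
        print("review:", line)
```

Applications that bundle or statically link libgcrypt do not show up in either check and have to be inventoried separately.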


 


 

 

Source: www.thehackernews.com

 

 

 

 
