CVE-2005-2023
Description
The send_pinentry_environment function in asshelp.c in gpg2 on SUSE Linux 9.3 does not properly handle certain options, which can prevent pinentry from being found and causes S/MIME signing to fail.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products: 2
Patches
Vulnerability mechanics
Root cause
"Cut-and-paste error in `send_pinentry_environment` causes the `lc-messages` value to be sent under the option name `display` instead of `lc-messages`."
Attack vector
An attacker does not directly trigger this bug; it is a local misconfiguration scenario. When gpgsm (the S/MIME signing component) sends environment options to gpg-agent, the `send_pinentry_environment` function incorrectly sends the `lc-messages` value under the option name `display` instead of `lc-messages` [ref_id=1]. This causes the agent to receive a bogus `OPTION display=en_US.UTF-8` line, overwriting the legitimate display setting [ref_id=1]. As a result, pinentry cannot open the display and S/MIME signing fails [ref_id=1].
Affected code
The bug resides in the `send_pinentry_environment` function in `common/asshelp.c` of gnupg 1.9.14 [ref_id=1][ref_id=2]. A cut-and-paste error introduced on 2004-12-18 caused the `lc-messages` option to be sent as `display` instead [ref_id=2].
What the fix does
The fix, committed on 2005-01-03, corrected the cut-and-paste error in `send_pinentry_environment` so that the `lc-messages` option is sent with the correct option name instead of being duplicated as `display` [ref_id=2]. The changelog entry states: "Fixed changed from 2004-12-18; cut+paste error for lc-messages" [ref_id=2]. Users of gnupg 1.9.14 on SUSE Linux 9.3 were advised to upgrade to 1.9.15 or add a `pinentry-program` directive to `gpg-agent.conf` as a workaround [ref_id=1].
Preconditions
- config: The system must be running gnupg 1.9.14 (as shipped with SUSE Linux 9.3)
- input: The user must attempt S/MIME signing via gpgsm, which triggers `send_pinentry_environment`
Reproduction
The reference write-ups do not provide a standalone reproduction script, but the bug can be observed by running gpgsm under strace: the agent receives `OPTION display=en_US.UTF-8` as the third option instead of `OPTION lc-messages=en_US.UTF-8` [ref_id=1].
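The check described above can be automated over a captured trace. The following is an added example, not code from GnuPG or the referenced write-ups: it scans strace output (or bare protocol lines) for `OPTION name=value` records and reports the symptom of this bug. The two traces are constructed samples, the function names are hypothetical, and the regular expressions for X display and locale names are heuristics assumed for this sketch.

```python
import re

# Matches "OPTION name=value" as a bare line or inside an strace
# write("...\n") record; the value stops at whitespace, quote or backslash.
OPTION_RE = re.compile(r'OPTION\s+([A-Za-z][\w-]*)=([^\s"\\]+)')
# Heuristic (assumption): X display names look like [host]:display[.screen]
X_DISPLAY_RE = re.compile(r'^[\w.-]*:\d+(\.\d+)?$')
# Heuristic (assumption): locale names look like ll[_CC][.codeset][@modifier]
LOCALE_RE = re.compile(r'^(C|POSIX|[a-z]{2,3}(_[A-Z]{2})?)(\.[\w-]+)?(@\w+)?$')

# Constructed sample: the third option is the mislabelled lc-messages value.
BUGGY_TRACE = r'''write(5, "OPTION display=:0.0\n", 20) = 20
write(5, "OPTION ttyname=/dev/pts/1\n", 26) = 26
write(5, "OPTION display=en_US.UTF-8\n", 27) = 27
'''
# Constructed sample: the same exchange with the correct option name.
FIXED_TRACE = BUGGY_TRACE.replace("display=en_US.UTF-8", "lc-messages=en_US.UTF-8")


def parse_options(trace):
    """Return the (name, value) pairs in the order they were sent."""
    return [m.groups() for m in OPTION_RE.finditer(trace)]


def audit_options(trace):
    """Return findings consistent with lc-messages being sent as display."""
    findings = []
    seen = {}
    for index, (name, value) in enumerate(parse_options(trace), start=1):
        # An option sent twice with different values overwrites the first.
        if name in seen and seen[name] != value:
            findings.append(f"option #{index}: '{name}' re-sent, "
                            f"{seen[name]!r} overwritten by {value!r}")
        seen[name] = value
        # A display value shaped like a locale cannot be opened by pinentry.
        if name == "display" and LOCALE_RE.match(value) and not X_DISPLAY_RE.match(value):
            findings.append(f"option #{index}: display value {value!r} "
                            "is a locale name, not an X display")
    # Only meaningful together with the findings above.
    if findings and "lc-messages" not in seen:
        findings.append("lc-messages was never sent")
    return findings


if __name__ == "__main__":
    for label, trace in (("buggy", BUGGY_TRACE), ("fixed", FIXED_TRACE)):
        print(label, audit_options(trace) or "no findings")
```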
Generated on Jun 16, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References: 4
News mentions: 0
No linked articles in our index yet.