Bugtraq mailing list archives
Re: Advisory: PGP 7.0 signature verification vulnerability
From: Adam Shostack <adam () HOMEPORT ORG>
Date: Mon, 8 Jan 2001 14:31:27 -0500
Does this work if I put up a fake key on my website? If I put a fake key into the keyservers? How is that different from importing a signed, exported key from disk? Adam On Mon, Jan 08, 2001 at 03:58:58PM +0100, Michael Kjorling wrote: | -----BEGIN PGP SIGNED MESSAGE----- | Hash: SHA1 | | Product: Pretty Good Privacy | Severity: Medium to high | Impact: Users with write access to signed exported key blocks may | replace them with arbitrary keys without any warning being issued | upon import of those keys | Local: Yes | Remote: No (though man-in-the-middle attacks is a possibility) | Vendor status: Network Associates was contacted December 20; see | below | | Confirmed vulnerable: PGP for Desktop Security, version 7.0.0.0 build | 242, on Windows 2000 | Suspected vulnerable: All versions of PGP 7.0 | Confirmed not vulnerable: none | | | Disclaimer: | | This information is provided "as is", with no warranties of any kind, | either expressed or implied. It was discovered through trial and | error; the source code has not been examined as it has been out of my | reach. I take no responsibility for how the information contained | within this advisory is utilized. | | | Description: | | There seems to be a vulnerability in the key import code in PGP 7.0 | on the Win32/Intel platform, causing a signature on a full exported | and ASCII armored key block not to be checked when "Decrypt/Verify" | is selected to import the key(s). This means that any signatures on | the full exported key block is not checked, opening the possibility | for anyone who have write access to the file to replace the keys | without having to generate a new signature. Key signature | verification, however, is not affected by this vulnerability. | | | Exploit: | | Given the possibility to write to the PGP signed file containing the | exported key(s), replace the keys without altering the signature. PGP | will not warn the user upon import of the keys that the signature has | become invalid. Man-in-the-middle attacks are also a possibility, | given an eavesdropper listening on the communications channel and | replacing the key material as it flows through the wires. | | | Workaround: | | There is no known workaround, besides always verifying fingerprints | with the owner of the key as well as not trusting keys that have no | or just a few signatures. | | | Vendor status: | | Network Associates was contacted by email to <pgpsupport () nai com> as | per instructions from their support department on December 20th, | 2000, and they were advised that an advisory would be posted to | Bugtraq on Jan 8. The email was encrypted with their "Software | Release Key" which was the key I was pointed to when asking to whom I | should encrypt the email, but I still have not heard back from them. | | | | Michael Kjörling | michael () kjorling com | | -----BEGIN PGP SIGNATURE----- | Version: PGP 7.0 | Comment: All computers wait at the same speed. | | iQA/AwUBOlnVfSqje/2KcOM+EQLUgACePUxBaAKla2jBZzdquOeba3nESYYAoNdt | 0vzBXN6YIZ1V50EboF4maM3/ | =hJXy | -----END PGP SIGNATURE----- -- "It is seldom that liberty of any kind is lost all at once." -Hume
Current thread:
- Advisory: PGP 7.0 signature verification vulnerability Michael Kjorling (Jan 08)
- Re: Advisory: PGP 7.0 signature verification vulnerability Adam Shostack (Jan 08)