Security flaw discovered in Network Associates PGP software

[InfoSec News <isn () C4I ORG>]

http://www.nwfusion.com/news/2000/0824naipgp.html?nf

Network Associates working on patch to correct problem.

By Ellen Messmer
Network World Fusion, 08/24/00

European cryptographic researchers have uncovered a serious security
flaw in both the Unix and Windows versions of Network Associates PGP
software 5.5 through 6.5.3 - a flaw that allows a savvy attacker to
alter the victim's PGP public certificate and read any message
encrypted with the altered certificate.

A certificate is software that unites the user's identity with a set
of encryption keys and is used for signing, encrypting and decrypting
messages.

European researchers Ralf Senderek and Stephen Early disclosed their
findings in a paper published Thursday online at
http:senderek.de/security/key-experiments.html.

Network Associates acknowledged the paper's findings, emphasizing that
the company is working on a software patch to prevent any attacker
from exploiting this flaw.

"We'll have a patch out later today [Thursday] available at both
pgp.com and nai.com," says Mike Wallach, president of PGP Security.
"To our knowledge, no customer data has been compromised."

The flaw centers on the way that PGP implements a so-called
"data-recovery" feature that lets an authorized third party gain
access to data encrypted with the user's PGP certificate.

"The issue is an attacker can add an additional key to the user's
public-key certificate to be used as an additional decryption key,"
acknowledges Mike Jones, PGP business line manager at Network
Associates.

As it turns out, this flaw has actually existed since 1997, back when
Phil Zimmermann, the original developer of PGP, added the
data-recovery feature as he sought to commercialize the product for
corporate use, Jones points out. As a safety measure, corporations
want to have a way to decrypt data that their employees encrypt, Jones
notes.

At the time, the federal government was also pushing hard to get
companies to add so-called "key escrow" type technologies to their
encryption products so that law enforcement could obtain access to
encrypted data on demand.

Network Associates bought PGP in December 1997. The three-year-old
flaw, not publicized until Thursday, lets an attacker decrypt PGP data
but does not let the attacker impersonate the PGP certificate holder,
Jones emphasizes.

Network Associates has taken offline a central server in Santa Clara,
Calif., containing PGP public-key certificates until the problem is
resolved, which should occur by tomorrow morning.

The patch that Network Associates expects to soon release will correct
two problems. It will prevent any additional decryption keys from
being added to any field in the PGP certificate. And it will also work
to verify where additional decryption keys came from to ensure there
has been no tampering of a user's certificate.

Jones expresses some anger that the European researchers publicized
their findings without first informing Network Associates of the flaw.
"That was irresponsible of them," he says.

Network Associates says the discovered vulnerability is actually quite
difficult to exploit. You have to modify the sender's public-key
certificate, make sure the sender would have a copy of that and modify
the recipient's key as well, Jones says. That is more easily said than
done.

But it is certainly possible. And the PGP bug arises from the mistake
that PGP originally made in not ensuring that all the

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".