Vulnerability Development mailing list archives
PGP spoof decrypted output?
From: "McAllister, Andrew" <McAllisterA () umsystem edu>
Date: Thu, 6 Jun 2002 16:08:48 -0500
OK maybe this is well known and I just didn't look hard enough... It looks like it is possible to replace the contents of a signed and encrypted PGP file simply by concatenating your malicious content to the end of a valid PGP encrypted file... Here's the situation: I have an encrypted and signed PGP file meant for me (FILE.pgp). I was messing around and accidentally did an ls -l >> FILE.pgp. I tried to decrypt the file with a command line... pgp FILE.pgp PGP prompted me to overwrite FILE. I said yes. The output file was my ls -l command. Big deal? Indeed you DO have to answer yes to the prompt, but depending on the file name it wouldn't be that unusual for a user to do so automatically. Plus I've got numerous scripts that automatically decrypt files using a pgp +force command. I use +force because sometimes, the decrypted file from yesterday is still there and if you don't the PGP command hangs. So to replace the contents of what I think is a good PGP file with malicious data, all an evil person has to do is concatenate on the end of the file? That doesn't seem right does it? Shouldn't PGP at least warn me that the sig/encryption doesn't cover the whole file? Or shouldn't it at least discard the extra text? I'm using the PGP 6.5.8 command line source from MIT compiled on Solaris x86, and duplicated the same results with the windows command line and gui tools (binary download from MIT). Output of my session is below... Andrew McAllister University of Missouri $ ls -l >> FILE.pgp $ cat FILE.pgp ¨PGPblahblah binary garbagetotal 2 -rw-r--r-- 1 user1 users 722 Jun 6 15:15 FILE.pgp $ pgp FILE.pgp Pretty Good Privacy(tm) Version 6.5.8 (c) 1999 Network Associates Inc. Export of this software may be restricted by the U.S. government. File is encrypted. Secret key is required to read it. Key for user ID: University of Missouri <pgp () umsystem edu> 1024-bit DSS key, Key ID 0x735B439B, created 2000/05/15 Key can sign. Users cannot encrypt to this key. You need a pass phrase to unlock your secret key. Enter pass phrase: Plaintext filename: FILE Output file 'FILE' already exists. Overwrite (y/N)? y Plaintext filename: FILE $ cat FILE total 2 -rw-r--r-- 1 xfer xfer 722 Jun 6 15:15 FILE.pgp $
Current thread:
- PGP spoof decrypted output? McAllister, Andrew (Jun 06)
- Re: PGP spoof decrypted output? Olaf Kirch (Jun 07)
- Re: PGP spoof decrypted output? Brian Hatch (Jun 07)
- Re: PGP spoof decrypted output? Rich Henning (Jun 07)
- Re: PGP spoof decrypted output? Olaf Kirch (Jun 10)
- Re: PGP spoof decrypted output? Rich Henning (Jun 10)
- Re: PGP spoof decrypted output? Roger Burton West (Jun 08)
- Re: PGP spoof decrypted output? Olaf Kirch (Jun 07)
- <Possible follow-ups>
- RE: PGP spoof decrypted output? McAllister, Andrew (Jun 07)
- Re: PGP spoof decrypted output? Rich Henning (Jun 07)
- RE: PGP spoof decrypted output? Tony (Jun 07)
- RE: PGP spoof decrypted output? McAllister, Andrew (Jun 07)