[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
 
 discussions
- read forum
- new topic
- search
 

 meetings
- meetings list
- recent additions
- add your info
 
 top 100 sites
- visit top sites
- sign up now
- members
 
 webmasters

- add your url
- add domain
- search box
- link to us

 
 projects
- our projects
- free email
 
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : PGP 7.0 (Pretty Good Privacy) signature verification vulnerability

Title: PGP 7.0 (Pretty Good Privacy) signature verification vulnerability
Released by: Michael Kjörling
Date: 8th January 2001
Printable version: Click here 
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1



Product: Pretty Good Privacy

Severity: Medium to high

Impact: Users with write access to signed exported key blocks may

replace them with arbitrary keys without any warning being issued

upon import of those keys

Local: Yes

Remote: No (though man-in-the-middle attacks is a possibility)

Vendor status: Network Associates was contacted December 20; see

below



Confirmed vulnerable: PGP for Desktop Security, version 7.0.0.0 build

242, on Windows 2000

Suspected vulnerable: All versions of PGP 7.0

Confirmed not vulnerable: none





Disclaimer:



This information is provided "as is", with no warranties of any kind,

either expressed or implied. It was discovered through trial and

error; the source code has not been examined as it has been out of my

reach. I take no responsibility for how the information contained

within this advisory is utilized.





Description:



There seems to be a vulnerability in the key import code in PGP 7.0

on the Win32/Intel platform, causing a signature on a full exported

and ASCII armored key block not to be checked when "Decrypt/Verify"

is selected to import the key(s). This means that any signatures on

the full exported key block is not checked, opening the possibility

for anyone who have write access to the file to replace the keys

without having to generate a new signature. Key signature

verification, however, is not affected by this vulnerability.





Exploit:



Given the possibility to write to the PGP signed file containing the

exported key(s), replace the keys without altering the signature. PGP

will not warn the user upon import of the keys that the signature has

become invalid. Man-in-the-middle attacks are also a possibility,

given an eavesdropper listening on the communications channel and

replacing the key material as it flows through the wires.





Workaround:



There is no known workaround, besides always verifying fingerprints

with the owner of the key as well as not trusting keys that have no

or just a few signatures.





Vendor status:



Network Associates was contacted by email to  as

per instructions from their support department on December 20th,

2000, and they were advised that an advisory would be posted to

Bugtraq on Jan 8. The email was encrypted with their "Software

Release Key" which was the key I was pointed to when asking to whom I

should encrypt the email, but I still have not heard back from them.







Michael Kjörling

michael@kjorling.com



-----BEGIN PGP SIGNATURE-----

Version: PGP 7.0

Comment: All computers wait at the same speed.



iQA/AwUBOlnVfSqje/2KcOM+EQLUgACePUxBaAKla2jBZzdquOeba3nESYYAoNdt

0vzBXN6YIZ1V50EboF4maM3/

=hJXy

-----END PGP SIGNATURE-----






(C) 1999-2000 All rights reserved.