[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
- read forum
- new topic
- search

- meetings list
- recent additions
- add your info
 top 100 sites
- visit top sites
- sign up now
- members

- add your url
- add domain
- search box
- link to us

- our projects
- free email
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : PGP 7.0 (Pretty Good Privacy) signature verification vulnerability

Title: PGP 7.0 (Pretty Good Privacy) signature verification vulnerability
Released by: Michael Kj÷rling
Date: 8th January 2001
Printable version: Click here

Hash: SHA1

Product: Pretty Good Privacy

Severity: Medium to high

Impact: Users with write access to signed exported key blocks may

replace them with arbitrary keys without any warning being issued

upon import of those keys

Local: Yes

Remote: No (though man-in-the-middle attacks is a possibility)

Vendor status: Network Associates was contacted December 20; see


Confirmed vulnerable: PGP for Desktop Security, version build

242, on Windows 2000

Suspected vulnerable: All versions of PGP 7.0

Confirmed not vulnerable: none


This information is provided "as is", with no warranties of any kind,

either expressed or implied. It was discovered through trial and

error; the source code has not been examined as it has been out of my

reach. I take no responsibility for how the information contained

within this advisory is utilized.


There seems to be a vulnerability in the key import code in PGP 7.0

on the Win32/Intel platform, causing a signature on a full exported

and ASCII armored key block not to be checked when "Decrypt/Verify"

is selected to import the key(s). This means that any signatures on

the full exported key block is not checked, opening the possibility

for anyone who have write access to the file to replace the keys

without having to generate a new signature. Key signature

verification, however, is not affected by this vulnerability.


Given the possibility to write to the PGP signed file containing the

exported key(s), replace the keys without altering the signature. PGP

will not warn the user upon import of the keys that the signature has

become invalid. Man-in-the-middle attacks are also a possibility,

given an eavesdropper listening on the communications channel and

replacing the key material as it flows through the wires.


There is no known workaround, besides always verifying fingerprints

with the owner of the key as well as not trusting keys that have no

or just a few signatures.

Vendor status:

Network Associates was contacted by email to  as

per instructions from their support department on December 20th,

2000, and they were advised that an advisory would be posted to

Bugtraq on Jan 8. The email was encrypted with their "Software

Release Key" which was the key I was pointed to when asking to whom I

should encrypt the email, but I still have not heard back from them.

Michael Kj÷rling



Version: PGP 7.0

Comment: All computers wait at the same speed.





(C) 1999-2000 All rights reserved.