[dev] GnuPG vulnerability

[Matt Selsky]

Quoting Jan Schneider <jan at horde.org>:

> If anyone has a few spare minutes to dive into this document, it would
> be great to test whether Horde/IMP is vulnerable too:
> http://www.coresecurity.com/?action=item&id=1687

For the following message (created according to the URL above):

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.7 (SunOS)

yy5iAEXvgVVUaGlzIHRleHQgd2FzIGluc2VydGVkIGJ5IHRoZSBhdHRhY2tlciEK
=NYds
-----END PGP MESSAGE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This text is in clear, and signed.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (SunOS)

iD8DBQFF74HHDilrvfj5xFoRAtN9AKCcxqWGoVpOonEtXxaQ4ItOlR4RkQCfUgFD
Grb9+OLgbLxJnNosHgMZ6oQ=
=DtSQ
-----END PGP SIGNATURE-----


We show:

* This message has been encrypted with PGP.
This text was inserted by the attacker!
* This message has been digitally signed via PGP.
gpg: Signature made Wed Mar 07 22:23:51 2007 EST using DSA key ID F8F9C45A
gpg: Good signature from "Matt Selsky <selsky at columbia.edu>"
This text is in clear, and signed.


Some problems:

1) We say that the message was encrypted.  It was really only encoded  
with PGP.  No actual encryption was done.
2) Since we think the message was encrypted, we ask the user for the  
passphrase for their secret key.  This is completely unneeded.

The new gnupg 1.4.7 produces the following output on the command-line:

$ gpg <clear_hoax.txt
This text was inserted by the attacker!
gpg: WARNING: multiple plaintexts seen
gpg: handle plaintext failed: unexpected data

We direct stderr to a file, but the warning from gpg never makes it  
back to the user.

The proper way to use gpg is with the "--status-fd" option and then  
parsing the output of that.


-- 
Matt