[dev] GnuPG vulnerability

Jan Schneider jan at horde.org
Thu Mar 8 09:13:18 UTC 2007


Quoting Matt Selsky <selsky at columbia.edu>:

> Quoting Jan Schneider <jan at horde.org>:
>
>> If anyone has a few spare minutes to dive into this document, it would
>> be great to test whether Horde/IMP is vulnerable too:
>> http://www.coresecurity.com/?action=item&id=1687
>
> For the following message (created according to the URL above):
>
> -----BEGIN PGP MESSAGE-----
> Version: GnuPG v1.4.7 (SunOS)
>
> yy5iAEXvgVVUaGlzIHRleHQgd2FzIGluc2VydGVkIGJ5IHRoZSBhdHRhY2tlciEK
> =NYds
> -----END PGP MESSAGE-----
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> This text is in clear, and signed.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (SunOS)
>
> iD8DBQFF74HHDilrvfj5xFoRAtN9AKCcxqWGoVpOonEtXxaQ4ItOlR4RkQCfUgFD
> Grb9+OLgbLxJnNosHgMZ6oQ=
> =DtSQ
> -----END PGP SIGNATURE-----
>
>
> We show:
>
> * This message has been encrypted with PGP.
> This text was inserted by the attacker!
> * This message has been digitally signed via PGP.
> gpg: Signature made Wed Mar 07 22:23:51 2007 EST using DSA key ID F8F9C45A
> gpg: Good signature from "Matt Selsky <selsky at columbia.edu>"
> This text is in clear, and signed.
>
>
> Some problems:
>
> 1) We say that the message was encrypted.  It was really only  
> encoded with PGP.  No actual encryption was done.
> 2) Since we think the message was encrypted, we ask the user for the  
> passphrase for their secret key.  This is completely unneeded.
>
> The new gnupg 1.4.7 produces the following output on the command-line:
>
> $ gpg <clear_hoax.txt
> This text was inserted by the attacker!
> gpg: WARNING: multiple plaintexts seen
> gpg: handle plaintext failed: unexpected data
>
> We direct stderr to a file, but the warning from gpg never makes it  
> back to the user.
>
> The proper way to use gpg is with the "--status-fd" option and then  
> parsing the output of that.

If I understand correctly, we *do* detect that these are two different  
PGP parts and display different status messages for them, which is  
good. Unfortunately the message for the first part is not correct, so  
we should fix that.

I see a different problem though: We don't show where the  
signed/encrypted message part ends. In the case of your message that  
I'm replying to, the text part starting with "We show:" comes right  
after the signed part "This text is in clear, and signed.", with no  
indication that only the first one is signed, not the latter.

Jan.

-- 
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/
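The thread ends on the point that a mail client should drive gpg with "--status-fd" and parse that output instead of scraping stderr. As an added illustration (not Horde/IMP code, and not from the thread), here is a small Python parser that does exactly that for the three facts the discussion cares about: whether real decryption happened (so a passphrase prompt is justified), which signatures verified, and whether the armor contained more than one plaintext. The status keywords are the documented ones from GnuPG's DETAILS file; the sample status text is constructed to resemble what gpg reports for the hoax message quoted above (key ID taken from the quoted signature), and verify_file assumes a gpg binary on PATH.

```python
import subprocess
from dataclasses import dataclass, field

STATUS_PREFIX = "[GNUPG:] "   # every machine-readable --status-fd line starts with this

@dataclass
class GpgResult:
    encrypted: bool = False                            # DECRYPTION_OKAY seen: real decryption
    encrypted_to: list = field(default_factory=list)   # key IDs from ENC_TO records
    good_sigs: list = field(default_factory=list)      # (key ID, user ID) from GOODSIG records
    plaintexts: int = 0                                # PLAINTEXT records; >1 means concatenated armor
    errors: list = field(default_factory=list)         # BADSIG/ERRSIG/ERROR/NODATA/UNEXPECTED lines

    def trustworthy(self) -> bool:
        # Exactly one plaintext and no error status; otherwise the display must not be trusted
        return self.plaintexts == 1 and not self.errors

def parse_status(status_text: str) -> GpgResult:
    """Parse gpg --status-fd output; human-readable warnings on the same fd are ignored."""
    res = GpgResult()
    for line in status_text.splitlines():
        if not line.startswith(STATUS_PREFIX):
            continue                                   # e.g. "gpg: WARNING: ..." is not a status line
        keyword, *args = line[len(STATUS_PREFIX):].split() or [""]
        if keyword == "PLAINTEXT":
            res.plaintexts += 1
        elif keyword == "ENC_TO" and args:
            res.encrypted_to.append(args[0])
        elif keyword == "DECRYPTION_OKAY":
            res.encrypted = True
        elif keyword == "GOODSIG" and args:
            res.good_sigs.append((args[0], " ".join(args[1:])))
        elif keyword in ("BADSIG", "ERRSIG", "ERROR", "NODATA", "UNEXPECTED"):
            res.errors.append(line)
    return res

def verify_file(path: str) -> GpgResult:
    # Status lines go to fd 2 alongside the warnings; parse_status filters them by prefix
    proc = subprocess.run(["gpg", "--batch", "--status-fd", "2", "--decrypt", path],
                          capture_output=True, text=True)
    return parse_status(proc.stderr)

# Constructed sample: an unencrypted literal packet followed by a clearsigned block,
# the shape of the hoax message in the thread. No ENC_TO, so nothing was encrypted.
SAMPLE_STATUS = """\
gpg: WARNING: multiple plaintexts seen
[GNUPG:] PLAINTEXT 62 1173323031
[GNUPG:] PLAINTEXT 74 1173323031
[GNUPG:] GOODSIG 0E296BBDF8F9C45A Matt Selsky <selsky at columbia.edu>
"""
```

A client that keys its "encrypted" banner on ENC_TO/DECRYPTION_OKAY rather than on the mere presence of a PGP MESSAGE block, and refuses to render a result with more than one PLAINTEXT record, avoids both problems Matt lists.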
