Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Potential PGP signature verification problem?
From: Peter Hanecak <hanecak () megaloman com>
Date: Thu, 13 Mar 2003 08:47:46 +0100 (CET)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

On 12 Mar 2003, Avri Schneider wrote:

--[PinePGP]--------------------------------------------------[begin]--
Hello,

I have come across a possible problem in the way PGP handles
signature verification.
The problem lies in the fact that PGP will strip OLE objects inserted
in an e-mail and verify the message signature based only on the text,
not informing the user that objects were striped.
A WordPad document can be inserted in the e-mail as an OLE object,
having the same font style and size as the original message.
An attacker would take a signed message and insert such word document
anywhere in the message as an OLE object and when the recepient
checks the signature - the wordpad document is stripped and the
signature would be valid - The attack would only work if the
recepient does not use the pgp verified message "text viewer" dialog
box to read the message but uses it only to verify the validity of
the signature.

This was tested with pgp.com's PGP version 8.0, other versions may be
vulnerable as well.

I have experimented with older versions and they only worked in the
hash field of the PGP header which is stripped before the message is
verified and the same attack can be performed but text would only be
added at the beginning of the message.

Regards,
Avri Schneider
http://pgp.mit.edu 0x44F87D04

--[PinePGP]-----------------------------------------------------------
gpg: Signature made Mon 10 Mar 2003 10:14:16 PM CET using DSA key ID 44F87D04
gpg: Good signature from "Avri Schneider <avri.schneider () ca com>"
gpg:                 aka "Schneider, Avri </o=cai/ou=islandia/cn=Recipients/cn=schav01>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Fingerprint: 6919 8759 AAE1 3D99 B44D  4493 67A5 8491 44F8 7D04
--[PinePGP]----------------------------------------------------[end]--

sounds to me like MUA problem, not PGP problem.

Because I'm author of PinePGP I'm quite "educated" about how Pine handles 
signatures and attachments with this tool - to make things easier and also 
because of Pine filtering limitations PinePGP check only text parts of 
MIME messages. Attachments are not signed, not encrypted, not decrypted 
nor verified by PinePGP.

To somehow protect attachments, you may include for example MD5 checksums 
into text part of message. Or you can sign and/or encrypt (and then veryfy 
and/or decrypt) by hand outside of MUA.

To make simple ilustration how Pine_PinePGP works: This is MIME message:

- ----------------------------------------------------------------------
From: ...
To: ....
Subject: ...
...
Content-Type: ...; boundary="-XXX-"

- ---XXX-
Content-Type: text/plain

This is text message - it can be signed and also encrypted. Pine+PinePGP 
ussualy handle that as you expect - encryp and/or sign if you ask to, 
decrypt and/or verify automaticaly.

Content (clear text or encrypted) plus signature are all parts of just 
this MIME part of this e-mail message.

- ---XXX-
Content-Type: application/octet-stream

This is some binary attachment. Pine+PinePGP do not touch this - i.e. no 
signing, no encryption, no automatic verification now decryption.

It may be encrypted and also signed (if done manualy and then attached to 
message) but PinePGP does not check it - it's not text/plain .

- ---XXX---
- ----------------------------------------------------------------------

Pine filters can handle only trext/plain messages thus PinePGP only offer 
crypto functions only to text parts of e-mail MIME messages.


And, IMO, that's the way other MUAs (and their PGP plugins for MUAs) may 
work. (Note: But for example 'mutt' does not work this way - signatures 
are not part of text part of MIME message but are in separate MIME part, 
thus it may work differently wit document attachments).

But it's hard to tell. What MUA do you use?

Sincerely

Peter Hanecak

- -- 
========================================================
  Peter Hanecak <hanecak () megaloman sk>
  GPG pub.key: http://www.megaloman.sk/gpg/hanecak.txt
========================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE+cDel1rzDsblwlA8RAjM3AJ9nF2xJHwKoe2u/Tkr09D1G8kF+IgCfUV00
JCu19Tk6AncGKajaE7Tm2yw=
=fk1Y
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]