BugTraq
Potential PGP signature verification problem? Mar 12 2003 07:59PM
Avri Schneider (avri_schneider yahoo com) (1 replies)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

I have come across a possible problem in the way PGP handles
signature verification.

The problem lies in the fact that PGP will strip OLE objects inserted
in an e-mail and verify the message signature based only on the text,
not informing the user that objects were stripped.

A WordPad document can be inserted in the e-mail as an OLE object,
having the same font style and size as the original message.

An attacker would take a signed message and insert such word document
anywhere in the message as an OLE object and when the recipient
checks the signature - the wordpad document is stripped and the
signature would be valid - The attack would only work if the
recipient does not use the pgp verified message "text viewer" dialog
box to read the message but uses it only to verify the validity of
the signature.

This was tested with pgp.com's PGP version 8.0, other versions may be
vulnerable as well.

I have experimented with older versions and they only worked in the
hash field of the PGP header which is stripped before the message is
verified and the same attack can be performed but text would only be
added at the beginning of the message.

Regards,
Avri Schneider
http://pgp.mit.edu 0x44F87D04

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0 - not licensed for commercial use: www.pgp.com

iQA/AwUBPm0AKGelhJFE+H0EEQIyxACg7HTH5UjaSGy5D3cobYx0h6io1lsAnRk1
cWnPtLBNw3G3XBkZuuUXPgIg
=fWay
-----END PGP SIGNATURE-----
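A defensive check for the gap described in the post above, as an added example that is not part of the original post or of PGP's code: it splits a plain-text cleartext-signed message into the text the signature covers and everything else a reader might still be shown, including extra lines in the "Hash:" header area. It goes slightly beyond the post by also flagging text before and after the signed block; it does not verify the signature itself. The function name `audit_cleartext` and the sample message are constructed for illustration.

```python
import re

BEGIN = "-----BEGIN PGP SIGNED MESSAGE-----"
SIG_BEGIN = "-----BEGIN PGP SIGNATURE-----"
SIG_END = "-----END PGP SIGNATURE-----"
# The only header expected between BEGIN and the first empty line.
HASH_HEADER = re.compile(r"Hash: [A-Za-z0-9-]+(,\s*[A-Za-z0-9-]+)*")

def audit_cleartext(message):
    """Return (signed_text, findings) for one cleartext-signed message.

    signed_text is the only part the signature can vouch for; findings
    lists every other line a mail client might still render.
    """
    lines = message.replace("\r\n", "\n").split("\n")
    try:
        start = lines.index(BEGIN)
        sig = lines.index(SIG_BEGIN, start)
        end = lines.index(SIG_END, sig)
        blank = lines.index("", start + 1, sig)  # ends the header area
    except ValueError:
        return None, ["not a well-formed cleartext-signed message"]
    findings = []
    for ln in lines[start + 1:blank]:
        if not HASH_HEADER.fullmatch(ln):
            findings.append("unsigned text in header area: %r" % ln)
    for ln in lines[:start] + lines[end + 1:]:
        if ln.strip():
            findings.append("unsigned text outside signed block: %r" % ln)
    # Undo dash-escaping ("- " prefix) to recover the text that was signed.
    body = [ln[2:] if ln.startswith("- ") else ln
            for ln in lines[blank + 1:sig]]
    return "\n".join(body), findings

# Constructed sample: one line above the block, one in the header area.
SAMPLE = "\n".join([
    "Note added above the signed block.",
    BEGIN,
    "Hash: SHA1",
    "Text placed in the header area.",
    "",
    "See you Friday.",
    "- -- Alice",
    SIG_BEGIN,
    "(constructed placeholder, not a real signature)",
    SIG_END,
])

if __name__ == "__main__":
    print(audit_cleartext(SAMPLE))
```

A client that shows the user only the returned `signed_text` after a successful verification, rather than the original rich message, also avoids displaying embedded objects that the verifier ignored.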



 
