7040521 2001-09-04 16:37 +0200  /53 lines/ Patrick Oonk <patrick@pine.nl>
Sent by: joel@lysator.liu.se
Imported: 2001-09-04  18:48  by Brevbäraren
External recipient: bugtraq@securityfocus.com
External replies to: patrick@pine.nl
Recipient: Bugtraq (import) <19062>
Subject: PGPsdk Key Validity Vulnerability
------------------------------------------------------------
From: Patrick Oonk <patrick@pine.nl>
To: bugtraq@securityfocus.com
Message-ID: <20010904163707.V16229@pine.nl>

http://www.pgp.com/support/product-advisories/pgpsdk.asp

A vulnerability in PGP's display of key validity has been discovered
that could allow an attacker to fool users into thinking that a valid
signature was created by what is actually an invalid user ID. If the
attacker can obtain a signature on their key from a trusted third
party, they can then add a second user ID to their key which is
unsigned. The attacker must then switch the unsigned false user ID to
primary and convince the victim to place the key on their keyring. In
such a case, some of the displays in PGP do not properly identify the
false user ID as invalid because the second user ID is fully
valid. Whenever PGP displays validity information on a per-user ID
basis, the display is correct. Thus, attentive users who examine the
user IDs of all public keys which they import to their keyrings will
immediately notice this problem before it could have any impact.

This issue was discovered and reported to Network Associates/PGP
Security, Inc. by Sieuwert van Otterloo.

This issue has been corrected such that all key validity displays in
PGP will properly mark the unsigned user ID as invalid. Hotfixes are
now available for the following products:
* PGP Corporate Desktop v7.1 (MacOS9/Win32)
* PGP Personal Security v7.0.3 (MacOS9/Win32)
* PGP Freeware v7.0.3 (MacOS9/Win32)
* PGP E-Business Server v7.1 (Linux/Solaris/AIX/HPUX/Win32)

Product upgrades are available for the following products:
* PGP E-Business Server v6.5.8x (OS/390)
* PGP E-Business Server v7.0.4 (Linux/Solaris/AIX/HPUX/Win32)

The hotfixes and upgrades can be found at:
http://www.pgp.com/naicommon/download/upgrade/upgrades-patch.asp

Network Associates/PGP Security Inc. has published the PGPsdk source
code in electronic form for academic and cryptographic peer
review. The source packages can be downloaded from:
http://www.pgp.com/downloads/default.asp


-- 
 Patrick Oonk - PO1-6BONE - E: patrick@pine.nl - www.pine.nl/~patrick
 Pine Internet  -  PAT31337-RIPE  -   Hushmail: p.oonk@my.security.nl
 T: +31-70-3111010  -   F: +31-70-3111011   -  http://security.nl
 PGPID 155C3934 fp DD29 1787 8F49 51B8 4FDF  2F64 A65C 42AE 155C 3934
 Excuse of the day: disks spinning backwards - toggle the
 hemisphere jumper.
(7040521) /Patrick Oonk <patrick@pine.nl>/(Reflowed)
Comment in text 7043141 by Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>
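The attack the advisory describes comes down to one mismatch: validity was computed once for the whole key (valid as soon as any user ID had a trusted certification) and then shown next to whichever user ID was flagged primary. The following Python model is an added example, not PGPsdk or GnuPG code; the key IDs, names, owner-trust table and the simplified validity rule (a user ID is valid when a fully trusted key has certified it) are all constructed here to illustrate the mechanism and the fix.

```python
"""Simplified model of the PGPsdk key-validity display flaw.

Added example, not PGPsdk or GnuPG code. Key IDs, names and the
validity rule are constructed: a user ID counts as valid when it
carries a certification from a key whose owner trust is "full".
"""
from dataclasses import dataclass, field

FULL = "full"


@dataclass
class UserID:
    name: str
    certifiers: set = field(default_factory=set)  # key IDs that signed this UID
    primary: bool = False


@dataclass
class Key:
    keyid: str
    uids: list


def uid_validity(uid, owner_trust):
    """Per-user-ID validity: only certifications on *this* UID count."""
    if any(owner_trust.get(k) == FULL for k in uid.certifiers):
        return "valid"
    return "invalid"


def key_validity(key, owner_trust):
    """Key-level validity, the aggregate the flawed displays relied on:
    the key is 'valid' as soon as any one of its user IDs is."""
    if any(uid_validity(u, owner_trust) == "valid" for u in key.uids):
        return "valid"
    return "invalid"


def primary_uid(key):
    """The UID flagged primary, falling back to the first one."""
    flagged = [u for u in key.uids if u.primary]
    return (flagged or key.uids)[0]


def flawed_display(key, owner_trust):
    """What a signature dialog showed before the fix: the primary UID's
    name next to the key-level validity."""
    return f"{primary_uid(key).name}: {key_validity(key, owner_trust)}"


def fixed_display(key, owner_trust):
    """After the fix: the UID shown is paired with its own validity."""
    uid = primary_uid(key)
    return f"{uid.name}: {uid_validity(uid, owner_trust)}"


def per_uid_display(key, owner_trust):
    """Per-UID listing, which the advisory notes was always correct."""
    return [f"{u.name}: {uid_validity(u, owner_trust)}" for u in key.uids]


def build_attack_key():
    """Constructed scenario from the advisory: the attacker's real UID is
    certified by a party the victim fully trusts; a second, unsigned UID
    impersonating Alice is then added and flagged primary."""
    real = UserID("Mallory <mallory@example.org>", certifiers={"MALLORY", "TRUSTED"})
    forged = UserID("Alice <alice@example.org>", certifiers=set(), primary=True)
    return Key("MALLORY", [forged, real])


# Owner trust as seen from the victim's keyring (constructed).
VICTIM_TRUST = {"VICTIM": FULL, "TRUSTED": FULL}


if __name__ == "__main__":
    key = build_attack_key()
    print("flawed :", flawed_display(key, VICTIM_TRUST))
    print("fixed  :", fixed_display(key, VICTIM_TRUST))
    for line in per_uid_display(key, VICTIM_TRUST):
        print("per-UID:", line)
```

Run stand-alone, the flawed display reports "Alice <alice@example.org>: valid" for a key that has never been certified under that name, while the fixed and per-UID displays mark the Alice user ID invalid. The practical check for a user is the one the advisory gives: look at the validity of every user ID on an imported key, not only the one a dialog happens to show.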
7043141 2001-09-04 18:17 +0200  /31 lines/ Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>
Sent by: joel@lysator.liu.se
Imported: 2001-09-05  00:09  by Brevbäraren
External recipient: BUGTRAQ@SECURITYFOCUS.COM
Recipient: Bugtraq (import) <19068>
Comment on text 7040521 by Patrick Oonk <patrick@pine.nl>
Subject: Re: PGPsdk Key Validity Vulnerability
------------------------------------------------------------
From: Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <tgzo8b7wwf.fsf@mercury.rus.uni-stuttgart.de>

Patrick Oonk <patrick@pine.nl> writes:

> A vulnerability in PGP's display of key validity has been discovered
> that could allow an attacker to fool users into thinking that a valid
> signature was created by what is actually an invalid user ID.

According to Sieuwert van Otterloo, PGP 5 and 6 are affected by this
problem as well.  (However, these versions have other problems as
well, so you should not use them anyway.)

Similar problems exist in PGP 2.x (the PGP version by Phil's Pretty
Good Software) and its derivatives.  Their notion of the primary user
ID is flawed, too, although they do not support the V4 primary user ID
subpacket.

GnuPG does not mark non-certified user IDs when listing the user IDs
for a key (but at least lists all user IDs, so you can notice that
something fishy is going on), and the use of '--with-colons' without
'--fixed-list-mode' by a frontend might cause the frontend to output
misleading information much in the same way as PGP 7.

-- 
Florian Weimer 	                  Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898
(7043141) /Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>/
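Florian Weimer's remark about `--with-colons` without `--fixed-list-mode` is the same mismatch seen from a GnuPG frontend's side. The Python below is an added example, not GnuPG code or any real frontend: the two listings are constructed, not captured gpg output, and they assume the colon format's field layout (field 1 record type, field 2 calculated validity, field 10 user ID, with `f` meaning full validity and `-` unknown). In the merged form the primary user ID is carried on the `pub` record, whose validity field is the key-level value; with `--fixed-list-mode` the `pub` record carries no user ID and each `uid` record has its own validity.

```python
"""Frontend parsing of gpg --with-colons listings, with and without
--fixed-list-mode.

Added example; the listings below are constructed, not captured gpg
output, and follow the colon format's field layout as assumed here:
field 1 = record type, field 2 = calculated validity, field 10 = user ID.
Without --fixed-list-mode the primary user ID is merged into the 'pub'
record; with it, the 'pub' record carries no user ID and every 'uid'
record carries its own validity.
"""

# Constructed: attacker key with an unsigned primary UID "Alice" and a
# second UID "Mallory" certified by someone the victim fully trusts.
MERGED_LISTING = """\
pub:f:1024:17:0123456789ABCDEF:2001-09-01:::-:Alice <alice@example.org>::scESC:
uid:f::::::::Mallory <mallory@example.org>:
sub:f:1024:16:FEDCBA9876543210:2001-09-01:::::e:
"""

FIXED_LISTING = """\
pub:f:1024:17:0123456789ABCDEF:999298800:::-:::scESC:
uid:-::::::::Alice <alice@example.org>:
uid:f::::::::Mallory <mallory@example.org>:
sub:f:1024:16:FEDCBA9876543210:999298800:::::e:
"""


def parse_records(listing):
    """Split a colon listing into (record type, fields) tuples."""
    recs = []
    for line in listing.splitlines():
        if not line:
            continue
        fields = line.split(":")
        recs.append((fields[0], fields))
    return recs


def naive_frontend(listing):
    """A frontend that reads the user ID and the validity off the 'pub'
    record: the pattern Florian Weimer warns about. On a merged listing
    it shows the unsigned primary UID next to the key-level validity."""
    shown = []
    for rtype, f in parse_records(listing):
        if rtype == "pub" and f[9]:
            shown.append((f[9], f[1]))
    return shown


def careful_frontend(listing):
    """Take validity only from 'uid' records, and never attach the
    key-level validity to a user ID that has no record of its own."""
    shown = []
    for rtype, f in parse_records(listing):
        if rtype == "pub" and f[9]:
            # merged primary UID: its own validity is not in this listing
            shown.append((f[9], "unknown (rerun with --fixed-list-mode)"))
        elif rtype == "uid":
            shown.append((f[9], f[1]))
    return shown


if __name__ == "__main__":
    print("naive, merged  :", naive_frontend(MERGED_LISTING))
    print("careful, merged:", careful_frontend(MERGED_LISTING))
    print("careful, fixed :", careful_frontend(FIXED_LISTING))
```

The naive parser turns the merged listing into a single line reading "Alice ... f", which is exactly the PGP 7 display Weimer compares it to. The careful parser refuses to pair the merged primary UID with a validity it was never given and, on the `--fixed-list-mode` listing, shows Alice as `-` and Mallory as `f`, so the extra user ID is visible and correctly marked.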