PGP Desktop Unsigned Data Insertion
1212
05 March 2020
18 November 2010
CLOSED
MEDIUM
4.3
SUMMARY
PGP Desktop versions are vulnerable to a data insertion vulnerability. Unsigned (insecure) data could be inserted into OpenPGP messages signed by a trusted source. When the message is decrypted and verified, PGP Desktop may incorrectly identify the message as being fully valid.
AFFECTED PRODUCTS
|
Product |
Version |
Solution |
|
PGP Desktop for Windows and OS X |
10.0.3 and prior |
Upgrade to 10.0.3SP2 |
|
PGP Desktop for Windows and OS X |
10.1.0 |
Upgrade to 10.1.0 SP1 |
ADDITIONAL PRODUCT INFORMATION
Product(s) Not Affected
|
Product |
Version |
|
PGP Command Line |
9.6 and greater |
ISSUES
Severity
Medium
|
Remote Access |
Yes |
|
Local Access |
Yes |
|
Authentication Required |
No |
|
Exploit publicly available |
Proof of Concept |
MITIGATION
Details
Symantec was notified of a data insertion vulnerability identified in PGP Desktop versions. As defined in RFC 4880, OpenPGP messages are composed of "packets" of information. For example, an OpenPGP message may contain data, signatures, encrypted content, etc. Typically, messages are signed and encrypted, or perhaps just signed, or just encrypted. If a file is signed, there is assurance that it came from a known source (the signer), and was not tampered with.
A skilled attacker, who could successfully intercept an OpenPGP encrypted message from a sender and retransmit to the original recipient, could insert unsigned packets into the OpenPGP message containing signed data. In some circumstances, PGP Desktop will output both the signed and unsigned data, and verify the data as being signed, even though it contains unsigned data.
Alternately, the attacker could insert encrypted data into an OpenPGP message that contains signed and encrypted data. If done successfully, PGP Desktop will output both the encrypted data and the encrypted and signed data, and report that the signature was verified.
A malicious individual with physical access to stored OpenPGP messages can also perform this attack off-line, by inserting the unsigned data into the stored file contents.
The following matrix describes how PGP Desktop is vulnerable to these attacks, either by decrypting and verifying the data with PGP Desktop itself, or by right-clicking the OpenPGP message file and choosing to decrypt and verify.
|
|
PGP Desktop for Windows |
|
|
|
Unsigned Data Alongside Signed Data |
Encrypted Data Alongside Encrypted+Signed Data |
|
Decrypt/Verify File in PGP Desktop |
Not Vulnerable |
Not Vulnerable |
|
Decrypt/Verify File via Right-Click |
Vulnerable |
Vulnerable |
|
|
PGP Desktop for OS X |
|
|
|
Unsigned Data Alongside Signed Data |
Encrypted Data Alongside Encrypted+Signed Data |
|
Decrypt/Verify File in PGP Desktop |
Not Vulnerable |
Vulnerable |
|
Decrypt/Verify File via Right-Click |
Not Vulnerable |
Vulnerable |
Note: Double-clicking an OpenPGP (.pgp) message file will cause the file to be opened for decryption and verification in PGP Desktop.
Symantec Response
PGP product engineers have developed and released a solution. Concerned PGP customers can download Service Pack updates for 10.0.3 and 10.1 by contacting PGP Customer Support.
Workaround:
Users of affected versions of PGP Desktop for Windows should open files for decryption and verification from within the PGP Desktop application, by selecting File->Open and browsing to the file name. Alternately, double-click the file icon to have it opened in PGP Desktop automatically.
ACKNOWLEDGEMENTS
Symantec thanks Eric Verheul, Digital Security group, Radbound University Nijmengen for identifying and reporting this issue.
REFERENCES
Security Focus, http://www.securityfocus.com, has assigned a Bugtraq ID (BID) 44920 to this issue for inclusion in the Security Focus vulnerability database.
This issue is a candidate for inclusion in the Common Vulnerabilities and Exposures (CVE) list (http://cve.mitre.org). The CVE initiative has assigned CVE-2010-3618 to this issue.