PGP Desktop: incorrect validation of signature
Synthesis of the vulnerability
An attacker can inject data in a valid OpenPGP message, in order to force PGP Desktop to recognize this data as signed.
Impacted software: PGP Desktop.
Severity of this computer vulnerability: 3/4.
Consequences of a hack: data flow, disguisement.
Attacker's origin: document.
Creation date: 19/11/2010.
References of this announcement: BID-44920, CERTA-2010-AVI-566, CVE-2010-3618, SYM10-012, VIGILANCE-VUL-10138, VU#300785.
Description of the vulnerability
RFC 4880 defines the format of OpenPGP messages. They are composed of data packets, which are signed and/or encrypted.
When an attacker has captured an OpenPGP message between a sender and a receiver, he can:
- insert an unsigned packet (if the message contains a signed packet)
- insert an encrypted but unsigned packet (if the message contains an encrypted and signed packet)
In both cases, the receiver's PGP Desktop displays two data packets and indicates that both are signed.
An attacker can therefore inject data in a valid OpenPGP message, in order to force PGP Desktop to recognize this data as signed.
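The structural check that the bulletin describes as missing, as an added example in Python (not Vigil@nce's, Symantec's or PGP's code): it walks the RFC 4880 packet sequence and reports Literal Data packets that sit outside a One-Pass Signature / Signature pair. The sample packets are constructed placeholders, and no signature is cryptographically verified here.

```python
# Added structural check for the packet layout the bulletin describes; sample
# packet bodies are constructed placeholders and signatures are NOT verified.
TAG_SIGNATURE, TAG_ONE_PASS_SIG, TAG_LITERAL = 2, 4, 11

def iter_packets(data):
    """Yield (offset, tag, body) per RFC 4880 section 4.2 (no partial lengths)."""
    pos = 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError(f"bad packet tag byte at offset {pos}")
        if ctb & 0x40:                                   # new-format header
            tag, b1 = ctb & 0x3F, data[pos + 1]
            if b1 < 192:
                length, hdr = b1, 2
            elif b1 <= 223:
                length, hdr = ((b1 - 192) << 8) + data[pos + 2] + 192, 3
            else:                                        # 5-octet or partial
                raise ValueError("length form not handled")
        else:                                            # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            size = 1 << ltype                            # 1, 2 or 4 octets
            length, hdr = int.from_bytes(data[pos + 1:pos + 1 + size], "big"), 1 + size
        body = data[pos + hdr:pos + hdr + length]
        if len(body) != length:
            raise ValueError(f"truncated packet at offset {pos}")
        yield pos, tag, body
        pos += hdr + length

def unsigned_literal_offsets(data):
    """Offsets of Literal Data packets not enclosed by a One-Pass Signature / Signature pair."""
    depth, unsigned = 0, []
    for off, tag, _ in iter_packets(data):
        if tag == TAG_ONE_PASS_SIG:
            depth += 1
        elif tag == TAG_SIGNATURE and depth:
            depth -= 1
        elif tag == TAG_LITERAL and depth == 0:          # what PGP Desktop showed as signed
            unsigned.append(off)
    return unsigned

def pkt(tag, body):  # new-format packet with a one-octet length (body < 192 bytes)
    return bytes([0xC0 | tag, len(body)]) + body

# Constructed sample: a one-pass-signed literal, then an appended unsigned literal.
SIGNED = (pkt(TAG_ONE_PASS_SIG, b"\x03\x00\x08\x01" + b"\x00" * 8 + b"\x01")
          + pkt(TAG_LITERAL, b"b\x00" + b"\x00" * 4 + b"pay 100 EUR")
          + pkt(TAG_SIGNATURE, b"\x04\x00" + b"\x00" * 20))
INJECTED = SIGNED + pkt(TAG_LITERAL, b"b\x00" + b"\x00" * 4 + b"pay 9000 EUR")
```

For the encrypted variant in the bulletin, the same check has to run over the packet stream obtained after decryption, since the appended packet is inside the encrypted container.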