Don't Trust GnuPG Encrypted and Signed E-Mail
Core Security Technologies has discovered a flaw in GNU Privacy Guardthe open-source cryptographic software system that's part of the GNU software project and at the heart of third-party e-mail that's signed, encrypted and trustedthat allows attackers to reach into e-mail and add whatever content they dream up.
Besides the ability to mislead recipients about the trustworthiness of signed e-mail, the flaw also allows attackers to bypass content-filtering defenses such as anti-spam tools, making it "particularly inconvenient" to detect phishing attacks, according to a statement from Core Security.
This hole lies in a broad range of open-source e-mail client software programs, including KMail, Evolution, Sylpheed, Mutt and GNUMail. It also affects Enigmail, an extension to the mail client of Mozilla/Netscape and Mozilla Thunderbird that gives users the authentication and encryption of GnuPG.
Enigmail and GnuPG have released new versions to address the problem, and CoreLabs has published a workaround to help users detect and prevent exploitation.
Core Security CTO Ivan Arce said that the flaw isn't technically a flaw. Rather, it's an issue of third-party applications using GnuPG in the wrong way. After realizing the volume of third-party applications that have implemented GnuPG incorrectly, however, the GNU Project realized it would be easier to change GnuPG's API rather than make sure every third-party application was fixed, Arce said. A message on the GNU Project's site confirms this:
Given that there are many applications in use which are subject to the described problem, we have decided to change GnuPG so that such forged OpenPGP messages are detected and the signature verification will fail.
The GNU Project released an update, GnuPG 1.4.7, today.
For those who don't want to update, the GNU Project has a "minimal patch" available here.
CoreLabsthe research arm of Core Securitiydiscovered that the vulnerability, which involves incorrect verification of signatures, can lead unsuspecting users reading a GPG encrypted and/or signed e-mail through a mail client or encryption extension to believe that the entire message was signed by the sender. In fact, any portion of the content may have been inserted by an attacker. The attacker can even hide the signed portion of a message and present the user with only the bogus content.
CoreLabs stressed that this isn't a problem with the cryptography; rather, it has to do with the presentation of information and how third-party applications interact with GnuPG.
Vulnerable systems include those using:
GnuPG 1.4.6 and previous versions
Enigmail 0.94.2 and previous versions
KMail 1.9.5 and previous versions
Evolution 2.8.1 and previous versions
Sylpheed 2.2.7 and previous versions
Mutt 1.5.13 and previous versions
GNUMail 1.1.2 and previous versions
Other scripts and applications using GnuPG may be vulnerable
Core Security also recommends the following workaround:
If a signed message looks suspicious, the validity of the signature can be verified by manually invoking GnuPG from the command line and adding the special option "--status-fd" to gain extra information.