From: stake advisories (stake)
Date: Mon Apr 09 2001 - 13:41:33 CDT

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

                                  @stake, Inc.
                                 www.atstake.com

                         Security Advisory Notification

    Advisory Name: Windows PGP (Pretty Good Privacy) ASCII Armor Parser
                     Vulnerability
       Release Date: 04/09/2001
        Application: PGP (Pretty Good Privacy) Version 5 to 7.0.3 (latest)
           Platform: Windows 95, 98, Millennium, NT, Windows 2000, but see
                     'Vulnerable Versions' section below.
           Severity: Opening an ASCII armored file such as a public key or a
                     detached signature can cause the creation of an arbitrary
                     file on the target machine. On the Windows platform
                     this can lead to the execution of arbitrary code on the
                     target machine.
             Author: Chris Anley [ dec0deatstake.com ]
    Vendor Status: Vendor has issued patches
                CVE: CAN-2001-0265
          Reference: www.atstake.com/research/advisories/2001/a040901-1.txt

    Overview:

    PGP (Pretty Good Privacy) is a suite of encryption tools originally
    published in 1991 by Phil Zimmermann to enhance personal privacy. It has
    become the de facto standard for email encryption, winning numerous
    industry awards and spawning a variety of alternative versions.

    PGP Security, Inc. currently maintains the commercial version of PGP
    and also provides a version that is freely downloadable.

    The PGP ASCII Armor parser provided with most versions of PGP
    (see 'Vulnerable Versions' section below) contains a behaviour that
    allows the creation of an arbitrary file in the same directory as the
    armored file. Since this file can contain arbitrary bytes, this can
    easily lead to the execution of arbitrary code on the Windows platform.

    Vendor Responses:

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    PGP Security takes all issues of this nature seriously. We appreciate
    @stake's professional handling of this matter allowing us the time to
    produce a patch for our users.

    The existence of viruses and trojan horses on the local machine is a
    well-known way to damage the security provided by PGP, and we have
    documented this in the "Vulnerabilities" section of our "Intro to
    Crypto" guide distributed with every copy of PGP for many years now.

    While protecting local machine security against such threats is the
    job of virus scanners, PGP Security feels that there are some rare
    cases raised by the advisory where this Windows problem causes
    particularly adverse behavior in PGP.

    To correct this behavior, PGP has issued a patch. Users may download
    the patch at the following URLs:

    PGP Desktop Security 7.0.4 Hotfix 1:
    http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.04/hotfix/PGPDS704Hotfix1.zip

    PGPfreeware 7.0.3 Hotfix 1:
    http://download.nai.com/products/freeware/pgp/windows/version_7.03/hotfix/PGPfreeware703Hotfix1.zip

    This patch will add all PGP DLLs to the KnownDLLs list in the
    registry. In addition, it will notify users with the Save As dialog
    if any DLL is saved in the course of parsing a PGP file. The registry
    patch will make certain that none of PGP's DLLs could ever be
    subverted with this method. The notification will help to ensure that
    users are aware that a DLL which may belong to a third party
    application was extracted. Note that while this patch solves the
    problem for PGP, it does not solve the problem for Windows in
    general, and it is very likely that other issues of this nature may
    exist in other Windows software.

    These patches will be a standard part of future versions of PGP for
    Windows.

    PGP Security, Inc.
    April 8, 2001

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0.4

    iQA/AwUBOtFGMBxfqn6wxlmOEQJalwCfce+XBqxEjHFPVd9SR5FcnbhkDp8AniPR
    ncl9VTZuxKekIhFf+6RmKFMs
    =1Fks
    -----END PGP SIGNATURE-----

    Advisory Reference:

    http://www.atstake.com/research/advisories/2001/a040301-1.txt

    ** The advisory contains additional information. We encourage those
    ** affected by this issue to read the advisory.
    **
    ** All vulnerability database maintainers should reference the above
    ** advisory reference URL to refer to this advisory.

    Advisory Release policy: http://www.atstake.com/research/policy/
    For more advisories: http://www.atstake.com/research/advisories/
    PGP Key: http://www.atstake.com/research/pgp_key.asc

    Copyright 2001 @stake, Inc. All rights reserved
    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    iQA/AwUBOtIBsVESXwDtLdMhEQJC+wCeLw+ZhV0kvAIvmUh7ya0S5mokFTUAnAsv
    rfaL+YSMcMOcTDLsu0a1kQ0v
    =vvZp
    -----END PGP SIGNATURE-----
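
The vendor response above describes the patch as adding the product's DLLs to the KnownDLLs list in the registry. The following is an added example, not code from the advisory or from the vendor: it parses `reg query` output for that key and reports DLLs that sit in the same folder as an armored file, marking whether each name has a KnownDLLs entry. The registry output, folder listing, DLL names and the `.asc`/`.sig` extensions are constructed assumptions.

```python
import re

# Constructed sample of `reg query` output for the KnownDLLs key
# (HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs).
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs
    DllDirectory    REG_EXPAND_SZ    %SystemRoot%\system32
    advapi32    REG_SZ    advapi32.dll
    kernel32    REG_SZ    kernel32.dll
    exampleapp_core    REG_SZ    ExampleApp_Core.dll
"""

# Constructed directory listing: folder -> file names. All names are hypothetical.
SAMPLE_LISTING = {
    r"C:\Users\alice\Downloads": ["key.asc", "ExampleApp_UI.dll", "notes.txt"],
    r"C:\Users\alice\Mail": ["report.doc.sig", "exampleapp_core.dll"],
    r"C:\Tools": ["helper.dll"],
}

ARMOR_EXTS = (".asc", ".sig")  # assumed extensions for armored keys/signatures
VALUE_LINE = re.compile(r"^\s+(\S.*?)\s+(REG_[A-Z_]+)\s+(.*)$")

def parse_known_dlls(reg_query_output):
    """Return lower-cased DLL names registered as REG_SZ values under KnownDLLs."""
    known = set()
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        # DllDirectory is REG_EXPAND_SZ and holds a path, so it is skipped here.
        if m and m.group(2) == "REG_SZ" and m.group(3).strip().lower().endswith(".dll"):
            known.add(m.group(3).strip().lower())
    return known

def dlls_beside_armored_files(listing, known):
    """Return (folder, dll, covered) for every DLL sharing a folder with an armored file."""
    findings = []
    for folder, names in sorted(listing.items()):
        lowered = [n.lower() for n in names]
        if not any(n.endswith(ARMOR_EXTS) for n in lowered):
            continue  # no armored file here, outside the scope of this check
        for dll in sorted(n for n in lowered if n.endswith(".dll")):
            findings.append((folder, dll, dll in known))
    return findings

if __name__ == "__main__":
    known = parse_known_dlls(SAMPLE_REG_QUERY)
    for folder, dll, covered in dlls_beside_armored_files(SAMPLE_LISTING, known):
        state = "covered by KnownDLLs" if covered else "NOT covered, review"
        print(f"{folder}\\{dll}: {state}")
```

A DLL reported as covered is still worth reviewing, since a library next to a key or signature file is unexpected in either case.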