Manipulated messages despite GnuPG
Security functions do no good when they are not used properly. Core Security has just reported such a problem: several email clients use the interface of the open-source encryption program GnuPG incorrectly, so that text appended to a signed email goes unnoticed and the client gives no warning. At first glance, the user cannot tell which part of an email is signed and which isn't. Attackers could exploit this hole to get victims to open manipulated text. Messages whose signature is stored in a separate file (a detached signature) are not affected.
The problem stems from the simplified way the clients ask GnuPG about signatures. To receive the detailed, machine-readable status information, an email client has to call GnuPG with the option --status-fd. Unfortunately, many clients do not perform this check, among them Enigmail, KMail, Evolution, Sylpheed, Mutt and GNUMail. The problem is not new: back in February 2006, GnuPG accepted invalid signatures under certain circumstances when the option --status-fd was not used. A month later, it turned out that GnuPG did not always detect unsigned data appended to a message.
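As an added illustration (not code from the article, Core Security or the GnuPG project), the following Python checker shows what a client gains by reading the --status-fd stream instead of the exit code alone. It assumes that GnuPG emits one PLAINTEXT status line per literal-data packet, so a second PLAINTEXT line next to a single GOODSIG means unsigned data was concatenated to the signed message; the transcripts at the bottom are constructed, not captured from a real run.

```python
import subprocess

STATUS_PREFIX = "[GNUPG:] "   # every machine-readable status line starts with this


def status_keywords(raw_status: str) -> list:
    """Return the keyword of each status line; human-readable lines on the same stream are skipped."""
    keywords = []
    for line in raw_status.splitlines():
        if line.startswith(STATUS_PREFIX):
            fields = line[len(STATUS_PREFIX):].split()
            if fields:
                keywords.append(fields[0])
    return keywords


def assess_signature(raw_status: str) -> str:
    """Judge a verification by its status lines, not by the exit code or the plaintext.

    Assumption (see lead-in): GnuPG emits one PLAINTEXT line per literal-data
    packet, so a second PLAINTEXT means unsigned data was concatenated to the
    signed message while only one signature was checked.
    """
    kw = status_keywords(raw_status)
    if "BADSIG" in kw or "ERRSIG" in kw:
        return "invalid"          # a signature was present but did not verify
    if "GOODSIG" not in kw:
        return "unsigned"         # nothing vouches for the data at all
    if kw.count("PLAINTEXT") > 1:
        return "injected"         # more plaintext blocks than the one signature covers
    return "signed"


def gpg_status_for(path: str) -> str:
    """Run gpg with --status-fd 2 and hand back stderr, where the status lines land."""
    cmd = ["gpg", "--batch", "--status-fd", "2", "--output", "/dev/null", "--decrypt", path]
    return subprocess.run(cmd, capture_output=True, text=True).stderr


# Constructed transcripts, not captured from a real run; key ID and signer are made up.
CLEAN = (
    "gpg: Signature made Thu Mar  1 12:00:00 2007 CET\n"
    "[GNUPG:] PLAINTEXT 62 1172746800 message.txt\n"
    "[GNUPG:] SIG_ID constructed+sig+id 2007-03-01 1172746800\n"
    "[GNUPG:] GOODSIG 0123456789ABCDEF Example Signer <signer@example.org>\n"
    "[GNUPG:] TRUST_FULLY\n"
)
# Same signed message with a second, unsigned OpenPGP message appended behind it.
INJECTED = CLEAN + "[GNUPG:] PLAINTEXT 62 1172750400 appended.txt\n"
```

A client that only inspects the exit status or the returned plaintext sees both transcripts as successful verifications; only the status lines separate them.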
Core Security has informed the vendors of the clients listed above of the problem, and a few have already reacted and begun work on patches. The GnuPG developers have also worked on a solution that removes the problem of improper or missing options once and for all. According to a security advisory written by Werner Koch, GnuPG 1.4.7 and 2.0.3 let even flawed email clients detect invalid signatures or appended text. Patches for GPGME 1.1.3 and 1.1.2 and for GnuPG 1.4.6 have also been published.
- Multiple Messages Problem in GnuPG and GPGME, GnuPG security advisory
- GnuPG and GnuPG clients unsigned data injection vulnerability, Core Security's security advisory