March 10, 2006 2:38 PM PST

Open-source bugs undermine digital signatures

A pair of security bugs in cryptography software could allow an attacker to insert content into a digitally signed message or forge signatures on files.

The flaws lie in the open-source GNU Privacy Guard software, also known as GnuPG and GPG, the GnuPG group said in two alerts. The software, a free replacement for the Pretty Good Privacy cryptographic technology, ships with many open-source operating systems such as FreeBSD, OpenBSD and many Linux distributions.

The vulnerabilities could pose a threat to the value of digital signatures, Tavis Ormandy of the Gentoo Linux security team wrote in an e-mail interview on Friday. For example, a miscreant could add information to a security alert sent via e-mail or forge the digital signature on software updates, wrote Ormandy, who discovered both flaws.

This poses a risk to those who use the open-source cryptographic technology to authenticate e-mail communications or digitally sign files and, even more so, to the recipients of those messages and users of the files.

Linux and Unix distributors, for example, often use GPG digital signatures in their security advisories so customers can verify the announcement is authentic, Ormandy wrote. The signatures are also used in some software updates these companies put out to ensure nobody has tampered with data, he said.

"GnuPG is used in all sorts of ways to guarantee the authenticity of files and messages," Ormandy wrote. "Without the help of GPG, you can bet phony advisories with advice to download malicious files would be a daily occurrence."

Systems used to distribute software updates that rely on GPG will likely need fixing. "It is likely that many software update systems--especially on Linux--rely on GPG and will require an update to prevent anyone malicious tampering with software repositories," Ormandy wrote.

Fixes for the flaws are available from the GnuPG team. In addition, those who include the technology in their own products, such as Gentoo and Novell, have been pushing out updates for their products.

The most recent patch was released Thursday. It was discovered that it is possible to insert data into a digitally signed message, which the system would still verify as authentic, according to a GnuPG security advisory.

Ormandy discovered this latest flaw when further researching an earlier bug, for which a patch was released on Feb. 15. That earlier flaw could cause automated signature checkers on file downloads to consider a file safe, while the signature was forged, according to a Novell Suse Linux alert.

There have been no reports of attacks that exploit the vulnerabilities. However, users of the vulnerable software should install security updates soon to ensure they are protected.

See more CNET content tagged:
digital signature, cryptography, Novell Inc., open source, Gentoo

5 comments

Join the conversation!
Add your comment
Misleading article title.
There no flaw in GPG per se. Namely, the issue is that if you verify a signature, it verifies the signature of the signed portion of the message properly -- no bug there. The bug is that if you have it dump out the message, it dumps out the whole message (e.g., headers and all), not just the signed portion.

The problem is that this confuses people that don't realize that a portion of the message is signed, and a portion is not. It's clearly indicated in the message the part that's signed (by a line that says, essentially, "signed message begins here"), but some people don't catch that.

The practical upshot is that one can add stuff before (or after) the signed section and GPG will validate the signed section for you and tell you it's okay. If you ignore the fact that only a portion of the message is signed, you will thus conclude the entire message is signed (including the altered portion outside the signed block).

The fix -- make it explicitly identify the signed block.
Posted by Zymurgist (397 comments )
Reply Link Flag
Terrific
Good, no flaw so I guess they just developed the patch to sooth the general public? Does that mean we can safely ignore the posted fix to the non existent flaw???
Posted by robertcampbell2 (103 comments )
Link Flag
No
You're just wrong. It IS a bug in GnuPG, and it has to do with digsigs being validated when they shouldn't be. From the GnuPG site itself:

"The Gentoo project identified a security related BUG in GnuPG. When using any current version of GnuPG for unattended signature verification (e.g. by scripts and mail programs), false positive signature verification of detached signatures may occur."

See that? Bug. False positive signatures.

And:

"In the aftermath of the false positive signature verfication bug more thorough testing of the fix has been done and another vulnerability has been detected. This new problem affects the use of gpg for verification of signatures which are not detached signatures. The problem also affects verification of signatures embedded in encrypted messages; i.e. standard use of gpg for mails."
Posted by TimeBomb (70 comments )
Link Flag
Less than useful
Writing about a flaw in a complex system without providing any indication of where the flaw lies or what the flawed mechanism is leaves the reader with nothing to use in evaluating alternatives or examining similar systems. Poor journalism.
Posted by nerdboy (2 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.