Security flaw in PGPverify of INN (fwd)

Ray Arachelian sunder at brainlink.com
Tue Oct 14 11:20:01 PDT 1997





=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    |Prying open my 3rd eye.  So good to see |./|\.
..\|/..|sunder at sundernet.com|you once again. I thought you were      |/\|/\
<--*-->| ------------------ |hiding, and you thought that I had run  |\/|\/
../|\..| "A toast to Odin,  |away chasing the tail of dogma. I opened|.\|/.
.+.v.+.|God of screwdrivers"|my eye and there we were....            |.....
======================= http://www.sundernet.com ==========================

---------- Forwarded message ----------
Date: Tue, 14 Oct 1997 17:34:11 +0200
From: Peter Simons <simons at RHEIN.DE>
To: BUGTRAQ at NETSPACE.ORG
Subject: Re: Security flaw in PGPverify of INN

-----BEGIN PGP SIGNED MESSAGE-----

I am replying to the "security problem" report in pgpverify written by
Lutz Donnerhacke, which has been delivered via several mailing lists,
including BUGTRAQ and Best-Of-Security. Normally I'd simply ignore
this article, but this is so breath-takingly ridiculous that I have to
set a few facts straight.

Lutz Donnerhacke <lutz at IKS-JENA.DE> wrote:

 > I was urged to send you the following information. I noticed CERT and tale
 > itself. But tale claims that the problem is not a problem of pgpverify, it's
 > a problem of some krauts trying to send checkgroups monthly using a bot.
 >
 > The checkgroups mentioned were send since a year. They do not include Date:
 > and Message-ID: because these values were not predictable by the human
 > signer and the bot does not know the passphrase to work with.
 >
 > In consequence there are checkgroups out there which can be resend at any
 > time causing a lot of trouble, because the signature is still valid even if
 > a new Message-ID: and Date: line are used.
 >
 > The obvious fix is to modify pgpverify to block such control messages.
 > ftp://ftp.iks-jena.de/pub/mitarb/lutz/ contains the necessary fixes.

This is plain bullshit. pgpverify is working just fine and there's no
security leak or malfunction in the script.

The real story behind this 'report' is as follows: Lutz is the
moderator for the german language de.* USENET hierarchy. One of his
duties is to send out regular checkgroups and other control messages.

What he did is that he didn't include the Message-Id and Date header
into the signature of the control messages that he posted. He only
signed headers like From and Subject. So he posted control messages
with incomplete signatures for maybe a year, until this was first
noticed and publicly addressed by Ralph Babel.

The problem with these control messages is that anybody is able to
re-post them with a new Message-Id and Date. Due to the correct PGP
signature, most INNs will simply execute them, thus deleting all
changes in the hierarchy since the checkgroups was posted originally.
While this is not a major problem, it certainly is a problem, as all
groups that have been created past a certain date can easily be
removed, etc...

When his mistake became public, he didn't stand up for it and created
a new key to start posting correct control messages, rendering the old
ones useless, he put the blame on Tale and his script instead.

So please don't believe this "security flaw". pgpverify is working
just fine and if the responsible person will use PGP correctly, there
is no problem at all.

        -peter

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1

iQCVAwUBNEORSw9HL1s0103BAQEgugP9FWJMNivNBqmJElzoQ6pXnwvS6QsbLjQG
YrwHzvcYY3CAR7R446gr/WeuxW1JI1t9+yql8TNSvHeEXAX+qgz/ZMCjcjgjg0Pe
j0BuVLBBfKuBoxGZDQybRybu3d5Xflqk07W9HjPP0tDtdkUcjndHr2J1Ea/J4zTd
QgGNNUoZDFM=
=brmw
-----END PGP SIGNATURE-----







More information about the cypherpunks-legacy mailing list