=====================================================================
CERT-Renater Information Note No. 2005/VULN544
_____________________________________________________________________

DATE                 : 13/03/2005
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Systems running Enigmail.

======================================================================

Security Vulnerability in Enigmail

Enigmail is an extension for Mozilla and Thunderbird to sign and encrypt
e-mails with GnuPG.

DFN-CERT#58509 / CERT/CC VU#805121 - Security Vulnerability in the
Enigmail Key Selection Dialog

If a user has a key on his keyring that has a UID with no additional
information ("empty UID": no name, e-mail address, etc.), e-mail may be
encrypted to this key, although that key was not selected by the user
when encrypting the e-mail.

An attacker may use this vulnerability to gain access to confidential
information (i.e. encrypted e-mails) by tricking a user into importing a
crafted key with an "empty UID" into his keyring. The user may have to
assign trust to the key so that GnuPG actually uses the key.

Whether the e-mail is encrypted to an "empty UID" depends on the setting
of Enigmail -> Preferences -> Key Selection:

1) Never display PGP key selection dialog

   If Enigmail can assign keys to all recipients, the message is sent
   encrypted and the key with the "empty UID" is not selected. If
   Enigmail cannot assign a key to one of the recipients, the message is
   sent in cleartext. This is normal Enigmail behaviour.

2) Display selection when necessary

   a) If Enigmail can assign a key to all recipients, the mail is
      encrypted and sent without a key selection dialog. This is normal,
      correct Enigmail behaviour.

   b) If a key cannot be assigned to one of the recipients, a key
      selection dialog appears (this is correct), but the key with the
      empty UID is marked as selected (this should not be).

3) Always display selection

   Same as 2b) above.

In both cases, the key can be deselected by the user, although the
selection may be overlooked by the user (e.g. due to the number of
keys).

Example of a key with an "empty UID":

> gpg --list-sigs 01234567
pub  1024D/01234567 2005-01-01 [expires: 2007-12-31]
uid                  Eddie Example
sig        01234567 2005-01-01  Eddie Example
uid
sig        01234567 2005-01-01  Eddie Example
sub  2048g/89ABCDEF 2005-01-01 [expires: 2007-12-31]
sig        01234567 2005-01-01  Eddie Example

Note the empty 4th line showing just "uid". However, this UID has a
key-id that is used in decrypting the mail, i.e. the mail is encrypted
to the key 89ABCDEF.

BTW: The sub-key-id is not listed with GnuPG 1.2.x, nor can such a key
be created with stock GnuPG.

The following platforms are affected:

MS Windows, Linux, FreeBSD, NetBSD, OpenBSD, Sun Solaris

The Enigmail Development team has released Enigmail 0.92.1 to address
this vulnerability. Updates can be obtained from:

http://enigmail.mozdev.org/download.html

CERT/CC is tracking this issue under the vulnerability ID: VU#805121

The German version of this advisory is available under
http://www.dfn-cert.de/infoserv/dsb/dsb-2005-01.html

We'd like to thank Hadmut Danisch for bringing up this issue and the
Enigmail Development Team for their cooperation.

(c) by DFN-CERT Services GmbH.

======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER            | tel : 01-53-94-20-44 +
+ 151 bd de l'Hopital     | fax : 01-53-94-20-41 +
+ 75013 Paris             | email: certsvp@renater.fr +
=========================================================
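A keyring check for the condition the advisory describes, added here as example code (not part of Enigmail, GnuPG or the original note): it parses the machine-readable `gpg --with-colons --list-keys` output, flags any key that carries a uid record with a blank user-ID field, and reports the subkey IDs such a key would be encrypted to. The field layout assumed (record type in field 1, key ID in field 5, user ID in field 10) follows GnuPG's colon-format documentation, and the listing embedded below is constructed sample data, not a real keyring.

```python
"""Flag keys with an "empty UID" in a gpg --with-colons listing.

Example code written for this note; not Enigmail or GnuPG code.
Assumed colon-format layout (per GnuPG doc/DETAILS): field 1 record
type, field 5 key ID, field 10 user ID. Sample listing is constructed.
"""
from dataclasses import dataclass, field


@dataclass
class KeyInfo:
    keyid: str
    uids: list = field(default_factory=list)     # user-ID strings; "" = empty UID
    subkeys: list = field(default_factory=list)  # subkey IDs mail may be encrypted to


def parse_colon_listing(text):
    """Group uid/sub records under their preceding pub record."""
    keys, current = [], None
    for line in text.splitlines():
        fields = line.split(":")
        if fields[0] == "pub":
            current = KeyInfo(keyid=fields[4])
            keys.append(current)
        elif fields[0] == "uid" and current is not None:
            current.uids.append(fields[9] if len(fields) > 9 else "")
        elif fields[0] == "sub" and current is not None:
            current.subkeys.append(fields[4])
    return keys


def keys_with_empty_uid(keys):
    """Keys having at least one uid record with no name/e-mail at all."""
    return [k for k in keys if any(uid.strip() == "" for uid in k.uids)]


# Constructed sample: key 0123456789ABCDEF has a second, empty uid.
SAMPLE_LISTING = """\
pub:u:1024:17:0123456789ABCDEF:2005-01-01:2007-12-31::u:::scESC:
uid:u::::2005-01-01::AAAA1111AAAA1111AAAA1111AAAA1111AAAA1111::Eddie Example <eddie@example.invalid>:
uid:u::::2005-01-01::BBBB2222BBBB2222BBBB2222BBBB2222BBBB2222:::
sub:u:2048:16:89ABCDEF89ABCDEF:2005-01-01:2007-12-31:::::e:
pub:u:1024:17:1111222233334444:2005-01-01::::u:::scESC:
uid:u::::2005-01-01::CCCC3333CCCC3333CCCC3333CCCC3333CCCC3333::Fiona Fine <fiona@example.invalid>:
sub:u:2048:16:5555666677778888:2005-01-01::::::e:
"""

if __name__ == "__main__":
    for k in keys_with_empty_uid(parse_colon_listing(SAMPLE_LISTING)):
        print(f"WARNING: key {k.keyid} has an empty UID; subkeys: {k.subkeys}")
```

On a real system, feed the output of `gpg --with-colons --list-keys` to `parse_colon_listing` and review or remove any flagged key before relying on the key selection dialog.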