
| Subject: | Re: Inexcusable weakness in Kmail / GnuPG |
|---|---|
| Date: | Fri, 24 Dec 2004 00:30:24 -0600 |
<snip>
So i compose my reply, and i'm just about to click the Send button, when i notice, quite by chance, that the reply is *not* encrypted by default, and i am not warned about this fact. My reply, and my entire past exchange with the source, is about to go out in fscking clear text!
Most if not all mailers are affected by certain bugs related to this. It "forgets" the passphrase, but does it free the variable? Does it wipe the variable with 0's or random data as soon as it is done with the passphrase, assuming it is supposed to forget it? Does it page to swap? Can this be prevented by running as root, which can do an mlockall()? Is the binary suid root to allow non-root users to mlockall()? Are privileges dropped? Is running suid root the best way to solve this problem? Is a temp file used to create the encrypted message? Is the temp file securely wiped? Where is the temp file written? Can simply encrypting/decrypting by hand and importing/exporting/cutting/pasting into the mail program be an easier way to solve this for paranoid users? Most mailers fail one or more of these tests.

If this hasn't been discussed, it should be, but it should also be discussed in the context of whether the system running GPG is secure or not, and how hard it would be to exploit the bugs. If someone can access your swap, you have all kinds of problems, not just the possible passphrase recovery from the swap itself.

As far as the functional bugs as stated below in mailers, I'm sure there are others as I have seen this type of bug before -- where you are allowed to send email unencrypted when you think it is encrypted -- although for the life of me I cannot remember the mail program. IIRC I did report the error to the mailer's authors, but switched mailers. I recommend either contacting the authors, writing a patch, or switching mail programs.

-- 
- Simple Nomad ---- thegnome@nmrc.org ---- thegnome@razor.bindview.com -
- "Patriotism means to stand by the country. It does not mean to stand -
- by the President or any other public official." - Theodore Roosevelt -
signature.asc
Description: This is a digitally signed message part
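Added example, not code from the thread or from KMail/GnuPG: a small C module that answers three of the checks Simple Nomad lists for a mailer holding a passphrase (pin the buffer so it cannot page to swap, wipe it the moment it is "forgotten", and verify the wipe actually happened). It assumes a POSIX system with mlock()/posix_memalign(); the passphrase in the test is constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
/* memset via a volatile function pointer: the wipe cannot be optimized
 * away as a dead store just because free() follows it. */
static void *(*const volatile secure_memset)(void *, int, size_t) = memset;
typedef struct {
    char  *buf;      /* page-aligned passphrase buffer */
    size_t cap, len; /* capacity in whole pages, bytes stored */
    int    locked;   /* 1 if mlock() worked, so it cannot page to swap */
} secret_t;

/* Allocate and try to pin the buffer in RAM. Returns 0, or -1 on allocation
 * failure; s->locked says whether mlock() worked (non-root users are bound
 * by RLIMIT_MEMLOCK, and a mailer should warn the user rather than go on). */
int secret_alloc(secret_t *s, size_t cap)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t rounded = (cap + page - 1) / page * page;
    void *p = NULL;
    if (posix_memalign(&p, page, rounded) != 0)
        return -1;
    s->buf = p; s->cap = rounded; s->len = 0; s->locked = (mlock(p, rounded) == 0);
    return 0;
}

/* Store a passphrase; returns bytes stored, or 0 (refusing to truncate)
 * when the input plus its NUL terminator does not fit. */
size_t secret_set(secret_t *s, const char *src, size_t n)
{
    if (s->buf == NULL || n >= s->cap) return 0;
    memcpy(s->buf, src, n);
    s->buf[n] = '\0';
    return s->len = n;
}

/* "Forget" the passphrase: wipe the whole buffer, verify the wipe, unpin
 * and free it. Returns 1 if every byte read back as zero, else 0. */
int secret_forget(secret_t *s)
{
    int clean = 1;
    if (s->buf == NULL) return 0;
    secure_memset(s->buf, 0, s->cap);
    for (size_t i = 0; i < s->cap; i++) clean &= (s->buf[i] == 0);
    if (s->locked) munlock(s->buf, s->cap);
    free(s->buf);
    memset(s, 0, sizeof *s); /* drop the pointer too: no dangling reference */
    return clean;
}
```

The temp-file questions in the post (where it is written, whether it is wiped) are not covered here; the same wipe-then-verify discipline applies to any on-disk copy, with the added caveat that journaling filesystems may keep old blocks regardless.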