S/MIME vulnerability

"Hal Finney" <hal@finney.org> Tue, 03 September 2002 19:06 UTC

Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA09736 for <openpgp-archive@lists.ietf.org>; Tue, 3 Sep 2002 15:06:33 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g83IoOI25285 for ietf-openpgp-bks; Tue, 3 Sep 2002 11:50:24 -0700 (PDT)
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g83IoN225281 for <ietf-openpgp@imc.org>; Tue, 3 Sep 2002 11:50:23 -0700 (PDT)
Received: (from hal@localhost) by finney.org (8.11.6/8.11.6) id g83Inva21220 for ietf-openpgp@imc.org; Tue, 3 Sep 2002 11:49:57 -0700
Date: Tue, 3 Sep 2002 11:49:57 -0700
From: "Hal Finney" <hal@finney.org>
Message-Id: <200209031849.g83Inva21220@finney.org>
To: ietf-openpgp@imc.org
Subject: S/MIME vulnerability
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

There is a report out recently indicating that Microsoft Outlook has a
major S/MIME security vulnerability.  See
http://online.securityfocus.com/archive/1/290107/2002-08-31/2002-09-06/0
or http://www.theregus.com/content/4/26172.html.

It is the same bug which was publicized a few weeks ago regarding SSL
site certificates.  Although at the time Microsoft claimed that the problem
was restricted to IE, it turns out that Outlook is affected too.

Basically the Microsoft software fails to distinguish which keys are
meant to be signers of other keys.  Essentially, all keys are trusted
as signers, if those keys are signed by other valid keys.  The effect
is that virtually any key can be used to sign another.

The S/MIME world uses X.509 certificates, of course, and so what it
means is that if you have a cert from Verisign, say, then you can create
certs on any key with any name you like, and the Microsoft software will
believe them.  Outlook will accept a signed message from one of these
bogus certs and will display the signer name (which you created and can
be anything you want) as valid, without any warnings or error indications.

The Bugtraq article says,

> As it stands, there is virtually no difference between signed and unsigned
> email in Outlook.  Unless carefully inspected, signed email in Outlook is
> essentially meaningless.  This also applies to any signed email received
> over the past 5+ years.

This is a very serious security vulnerability to have gone so long without
being detected.

Hal Finney