
digital signature

Re: MS Office 2007: Digital Signature does not protect Meta-Data

Dear Mr. Naujoks,

yes, I can see your point, too.
I totally agree that users need to be educated, but I still think
that MS Office shall take a share to educate and inform users of
their digital signature's scope.

From: "Naujoks, Hans-Dietmar" <Hans-Dietmar.Naujoks@tuev-sued.de>
Date: 12/14/2007 2:56:15 PM +010
> [...]
> In fact the visual clue you gave for a signed document in Word 2007 

AW: MS Office 2007: Digital Signature does not protect Meta-Data

-----Original Message-----
From: Henrich C. Poehls [mailto:poehls@informatik.uni-hamburg.de]
Sent: Friday, 14 December 2007 12:08
To: Naujoks, Hans-Dietmar
Cc: bugtraq@securityfocus.com
Subject: Re: MS Office 2007: Digital Signature does not protect Meta-Data

Dear Mr. Naujoks,

thanks for the feedback.


Re: MS Office 2007: Digital Signature does not protect Meta-Data

I do think that most people, certainly the users, would feel that this
data belongs to the "document", and would be protected when the
"document" is signed.

Considering that the signature creation time is stored and protected by
the digital signature might help against modified creation times (and
mitigate 2). But applications must consider this, and at least in MS
Word the signature creation time is not displayed next to the other
metadata, but (at least) next to the signature properties.

> This fits the way we use attaching metadata during the process of

Re: AW: MS Office 2007: Digital Signature does not protect Meta-Data

> -----Original Message-----
> From: poehls@informatik.uni-hamburg.de [mailto:poehls@informatik.uni-hamburg.de]
> Sent: Wednesday, 12 December 2007 11:35
> To: bugtraq@securityfocus.com
> Subject: MS Office 2007: Digital Signature does not protect Meta-Data
>
>
> Affects: Microsoft Office 2007 (12.0.6015.5000)
>
>          MSO (12.0.6017.5000)

[USN-1079-1] OpenJDK 6 vulnerabilities

privileges. (CVE-2010-4470)

It was discovered that the Java2D subcomponent, when processing broken
CFF fonts could leak system properties. (CVE-2010-4471)

It was discovered that a flaw in the XML Digital Signature
component could allow an attacker to cause untrusted code to
replace the XML Digital Signature Transform or C14N algorithm
implementations. (CVE-2010-4472)

Konstantin Preier and others discovered that specific double literals

[USN-1079-3] OpenJDK 6 vulnerabilities

 privileges. (CVE-2010-4470)
 
 It was discovered that the Java2D subcomponent, when processing broken
 CFF fonts could leak system properties. (CVE-2010-4471)
 
 It was discovered that a flaw in the XML Digital Signature
 component could allow an attacker to cause untrusted code to
 replace the XML Digital Signature Transform or C14N algorithm
 implementations. (CVE-2010-4472)
 
 Konstantin Preier and others discovered that specific double literals

[USN-1079-2] OpenJDK 6 vulnerabilities

 privileges. (CVE-2010-4470)

 It was discovered that the Java2D subcomponent, when processing broken
 CFF fonts could leak system properties. (CVE-2010-4471)

 It was discovered that a flaw in the XML Digital Signature
 component could allow an attacker to cause untrusted code to
 replace the XML Digital Signature Transform or C14N algorithm
 implementations. (CVE-2010-4472)

 Konstantin Preier and others discovered that specific double literals

[ MDVSA-2011:054 ] java-1.6.0-openjdk

 and exception text (CVE-2010-4471).
 
 Unspecified vulnerability in the Java Runtime Environment (JRE)
 in Oracle Java SE and Java for Business 6 Update 23 and earlier
 allows remote attackers to affect availability, related to
 XML Digital Signature and unspecified APIs. NOTE: the previous
 information was obtained from the February 2011 CPU. Oracle has
 not commented on claims from a downstream vendor that this issue
 involves the replacement of the XML DSig Transform or C14N algorithm
 implementations. (CVE-2010-4472)
 

AW: MS Office 2007: Digital Signature does not protect Meta-Data

-----Original Message-----
From: poehls@informatik.uni-hamburg.de [mailto:poehls@informatik.uni-hamburg.de]
Sent: Wednesday, 12 December 2007 11:35
To: bugtraq@securityfocus.com
Subject: MS Office 2007: Digital Signature does not protect Meta-Data


Affects: Microsoft Office 2007 (12.0.6015.5000) 

         MSO (12.0.6017.5000) 

Re: Firefox 3.6 for Windows includes a forged CA cert

                    28:28:c5:e9:0f:73:b0:17:4b:13:4c:99:75:d0:44:
                    e6:7e:08:6c:1a:f2:4f:1b:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage:
                Digital Signature, Non Repudiation, Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier:
                A7:04:60:1F:AB:72:43:08:C5:7F:08:90:55:56:1C:D6:CE:E6:38:EB

[SECURITY] [DSA 2277-1] xml-security-c security update

Debian-specific: no
CVE ID         : CVE-2011-2516
Debian bug     : 632973

It has been discovered that xml-security-c, an implementation of the XML
Digital Signature and Encryption specifications, is not properly handling
RSA keys of sizes on the order of 8192 or more bits.  This allows an
attacker to crash applications using this functionality or potentially
execute arbitrary code by tricking an application into verifying a signature
created with a sufficiently long RSA key.


FreeBSD Security Advisory FreeBSD-SA-09:02.openssl

general purpose cryptography library.

II.  Problem Description

The EVP_VerifyFinal() function from OpenSSL is used to determine if a
digital signature is valid.  The SSL layer in OpenSSL uses
EVP_VerifyFinal(), which in several places checks the return value
incorrectly and treats verification errors as a good signature.  This
is only a problem for DSA and ECDSA keys.

III. Impact

FreeBSD Security Advisory FreeBSD-SA-09:04.bind

library.

II.  Problem Description

The DSA_do_verify() function from OpenSSL is used to determine if a
DSA digital signature is valid.  When DNSSEC is used within BIND it
uses DSA_do_verify() to verify DSA signatures, but checks the function
return value incorrectly.

III. Impact


SEC Consult SA-20110810-0 :: Client-side remote file upload & command execution in Check Point SSL VPN On-Demand applications - CVE-2011-1827

==>>
Summing up, an attacker is able to upload arbitrary executable files to
remote clients and then immediately execute them without notice as a
signed Java applet / ActiveX is being used (if "Always trust content
from this publisher" has been checked - otherwise an unsuspicious Java
digital signature verification popup will occur).

Possible attack vectors are drive-by downloads just by visiting
malicious websites but also through emails, any XSS on unsuspicious
websites, etc.


SEC Consult SA-20111012-0 :: Client-side remote file upload & command execution in Microsoft Forefront UAG Remote Access Agent (CVE-2011-1969)

==>>
Summing up, an attacker is able to upload arbitrary executable files to
remote clients and then immediately execute them without notice as a
signed Java applet is being used (if "Always trust content from this
publisher" has been checked - otherwise an unsuspicious Java digital
signature verification popup will occur).

Possible attack vectors are drive-by downloads just by visiting
malicious websites but also through emails, any XSS on unsuspicious
websites, etc.


ZDI-11-091: (0day) Cisco Secure Desktop CSDWebInstaller Remote Code Execution Vulnerability

malicious page or open a malicious file.

The specific flaw exists within CSDWebInstaller.ocx ActiveX control. The
vulnerable Cisco-signed ActiveX control verifies the signing authority
names in the certificate chain but fails to properly verify the digital
signature of an executable file that is downloaded and executed by the
Cisco Secure Desktop installation process. A remote attacker can exploit
this vulnerability to execute arbitrary code under the context of the
browser.

-- Vendor Response:

Leopard's firewall damages Skype and WoW

By contrast, if an application which does not have a valid signature opens 
a network port, the firewall swings into action.
In restricted mode, simply trying to start a service brings up a window 
asking the user for permission. The system records this choice and enters 
it into the firewall's exceptions list. Hitherto Apple furnishes unsigned 
programs with a digital signature in the process.
If changes are made to the program subsequently, the permission is withdrawn.

Code signing becomes a problem when an application performs its own 
self-integrity check and determines that the file on the hard disk has 
been changed. The firewall's code signature changes the checksum of 

OpenOffice: Duplicated, Unprotected Certificate Information shown in Signed ODF Documents

a trusted third party, is embedded in the signed document.


II. Problem Description

The digital signature and the certificates are stored in the 
ODF ZIP container in the file META-INF\documentsignatures.xml. 
OpenOffice does store the public-key certificate in X509 format 
in the XML file under META-INF\documentsignatures.xml.

Additionally OpenOffice replicates all the information contained 


