Joachim Breitner
2008-Dec-11 17:41 UTC
[Secure-testing-team] Bug#508479: evolution shows SMIME signed messages as ok even if modified
Package: evolution
Version: 2.22.3.1-1
Severity: important
Tags: security

Hi,

please consider raising the Severity if appropriate.

Attached are two very minimal test mails. You can drag'n'drop them in evolution. The (self-signed) key.pem contains a certificate; you can import it as a signing authority. Both messages will be shown as correctly verified, although one is just a copy of the other, with the body modified.

Obviously, this is a serious security problem.

Thanks,
Joachim

-- System Information:
Debian Release: 5.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.25-2-486
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
[attachment key.pem: self-signed X.509 certificate and matching RSA private key; PEM blobs omitted]

First test mail (unmodified):

From: me at hier
To: you at there
Subject: test
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="----592BC18E2E1548F0257E2BFC67A543F8"

This is an S/MIME signed message

------592BC18E2E1548F0257E2BFC67A543F8
Content-type: text/plain

This is the body
------592BC18E2E1548F0257E2BFC67A543F8
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

[base64 smime.p7s blob omitted; it is byte-for-byte identical in both test mails]
------592BC18E2E1548F0257E2BFC67A543F8--

Second test mail (copy of the first, body modified):

From: me at hier
To: you at there
Subject: test
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="----592BC18E2E1548F0257E2BFC67A543F8"

This is an S/MIME signed message

------592BC18E2E1548F0257E2BFC67A543F8
Content-type: text/plain

This is the modified body
------592BC18E2E1548F0257E2BFC67A543F8
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

[base64 smime.p7s blob omitted; same blob as in the first mail]
------592BC18E2E1548F0257E2BFC67A543F8--