• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: PGP ASCII Armor Parser Arbitrary File Creation Vulnerability

Severity: MODERATE

Description:

ASCII Armor is a text based encoding format used by PGP (Pretty Good Privacy). While it is possible to encode any file using ASCII Armor, it is used by PGP to encode signature files and public keys to facilitate transmission in e-mail messages. ASCII Armor files contain a filename and an encoded payload, much like UUEncoded files.

Signing a document with PGP produces a signature (.sig) file with a name corresponding to the filename of the document. For example, PGP would produce notes.doc.sig if it signed notes.doc.

The authenticity of a document can be verified if a user has the creator's public key, and if the document was signed by the creator.

When a user opens a document for verification in PGP, its corresponding .sig file must be decoded from ASCII Armor.

Due to a flaw in the implementation of the decoder:

- The parser will automatically extract the contents of the armored file
- The file is extracted regardless of whether or not it is a valid signature.

This allows the creation of an arbitrary file on the user's system. Where the file is created is dependant on how the user invoked the parser. The file could be created in the 'temp' directory, the directory in which the email client exists or the directory where the armored file resides.

Affected Products:

• Network Associates PGP 5.0.0
• Network Associates PGP 5.0.0i
• Network Associates PGP 5.5.3i
• Network Associates PGP 5.5.5
• Network Associates PGP 6.0.2
• Network Associates PGP 6.0.2i
• Network Associates PGP 6.5.1i
• Network Associates PGP 6.5.3
• Network Associates PGP 6.5.8
• Network Associates PGP 7.0.3
• Network Associates PGP 7.0.4

References:

• @stake: Windows PGP (Pretty Good Privacy) ASCII Armor Parser Vulnerability
• Network Associates Inc.: PGP Certificate Server Product Homepage

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.