COMMAND
PGP
SYSTEMS AFFECTED
PGP (Pretty Good Privacy) Version 5 to 7.0.3 (latest)
PROBLEM
Following is based on a @stake Security Advisory by Chris Anley.
PGP (Pretty Good Privacy) is a suite of encryption tools
originally published in 1991 by Phil Zimmermann to enhance
personal privacy. It has become the de facto standard for email
encryption, winning numerous industry awards and spawning a
variety of alternative versions.
PGP Security, Inc. currently maintains the commercial version of
PGP and also provides a version that is freely downloadable.
The PGP ASCII Armor parser provided with most versions of PGP
contains a behaviour that allows the creation of an arbitrary file
in the same directory as the armored file. Since this file can
contain arbitrary bytes, this can easily lead to the execution of
arbitrary code on the Windows platform.
SOLUTION
To correct this behavior, PGP has issued a patch. Users may
download the patch at the following URLs.
PGP Desktop Security 7.0.4 Hotfix 1:
http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.04/hotfix/PGPDS704Hotfix1.zip
PGPfreeware 7.0.3 Hotfix 1:
http://download.nai.com/products/freeware/pgp/windows/version_7.03/hotfix/PGPfreeware703Hotfix1.zip
This patch will add all PGP DLLs to the KnownDLLs list in the
registry. In addition, it will notify users with the Save As
dialog if any DLL is saved in the course of parsing a PGP file.
The registry patch makes certain that none of PGP's DLLs can be
subverted with this method. The notification helps ensure that
users are aware when a DLL, possibly belonging to a third party
application, has been extracted. Note that while this patch solves
the problem for PGP, it does not solve the problem for Windows in
general, and it is very likely that other issues of this nature
exist in other Windows software.
These patches will be a standard part of future versions of PGP
for Windows.
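The mitigation above rests on the KnownDLLs list: a DLL named there is loaded from the system directory, so a copy dropped beside an armored file is ignored. The following PowerShell script is an added example, not part of the advisory or of PGP; it lists the DLLs sitting in a directory where armored files are opened and reports which of them are not covered by KnownDLLs. The registry key path is the standard Windows one; the directory to inspect is supplied by the caller.

```powershell
# Added example: audit a directory for DLLs that the KnownDLLs list does not cover.
function Get-KnownDllNames {
    # Standard Windows location of the KnownDLLs list; read access is sufficient.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs'
    $props = (Get-ItemProperty -Path $key).PSObject.Properties
    # Each value maps a short name to a DLL file name (e.g. 'kernel32.dll').
    # Skip PowerShell's PS* bookkeeping properties and the DllDirectory entries.
    $props |
        Where-Object { $_.Name -notlike 'PS*' -and $_.Name -notlike 'DllDirectory*' } |
        ForEach-Object { ([string]$_.Value).ToLowerInvariant() }
}

function Find-UncoveredDlls {
    param(
        # Directory in which armored (.asc/.pgp) files are decrypted; caller-supplied.
        [Parameter(Mandatory)] [string] $Directory
    )
    $known = @(Get-KnownDllNames)
    $files = Get-ChildItem -Path $Directory -File
    # Armored files present in the same directory make a stray DLL worth a closer look.
    $armored = @($files | Where-Object { $_.Extension -in '.asc', '.pgp' })

    $files |
        Where-Object { $_.Extension -eq '.dll' } |
        ForEach-Object {
            [pscustomobject]@{
                Dll          = $_.Name
                InKnownDlls  = ($known -contains $_.Name.ToLowerInvariant())
                Created      = $_.CreationTime
                ArmoredFiles = $armored.Count
            }
        }
}

# Usage: list DLLs in the user's download folder that KnownDLLs does not protect.
Find-UncoveredDlls -Directory "$env:USERPROFILE\Downloads" |
    Where-Object { -not $_.InKnownDlls } |
    Format-Table -AutoSize
```

A DLL reported with InKnownDlls set to False next to one or more armored files is the situation the hotfix's registry change closes for PGP's own libraries; for any other application's DLLs it remains a planting risk that the advisory notes Windows does not address in general.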