Signing Oracles with kmail

Sandro Knauß sknauss at kde.org
Mon May 13 23:28:05 BST 2019 

Hey,
 
> Should we release our own advisory? Or at this point that this is all public
> just let it be?

I don't know, when an own advisory is used in past. At least Debian already 
pinged me  (as mantainer, that upstream(KDE) fixed the issue. 

So distribution get the information, that we fixed the issue. But I think the 
information on 404698 is not good enough to understand what needs to be done 
to fix the CVE.

That is what I would write:

To fix the bug properly you should to backport the complete CVE-2019-10732 
branch.

git diff a49182427bbf28142a8b2c9df73a905950b011d6..CVE-2019-10732

Don't get shocked about the amount of changes, most of the stuff is "just" 
autotest. A minimal fix would just update templateparser/src/ and 
mimetreeparser/src/. But I would recommend also update the autotests. 
Especially when backporting you may end up updating the patches minimally and 
autotests should help you make sure that you backport it properly.


> > But the paper [1] not
> > only showed how to be a Decryption Oracles also showed a way to be a
> > Signing Oracles by using html stuff. See appendix B. Does anyone looked
> > at the blinding/conditional options and if we can improve the situation?
> 
> I don't understand appendix B. Is it only a list of CSS stuff KMail
> supports?

yes this is only a list of CSS features, but these features are shown, that 
attacks can trick the display of an mail (6, page 9). Also kmail may just not 
marked as vulnerable, as they only tested the default settings, where HTML 
support is disabled. kmail could/should considering to improve the 
countermeasures (8.2, page 14):

"Conditional CSS makes it easy for an attacker to hide certain text within a 
signed message while showing different text."

-> do we sanitizing those stuff? are there tests for it?
As I don't know currently how we select the CSS features, that are 
whitelisted/blacklisted. I can't say if it is feasible to control this. Or if 
we should use the hammer solution and disable HTML replies:

"They must not sign any quoted HTML/CSS input from the original message [while 
creating a reply], so that they cannot be misused as signing oracles."

What are your thoughts about this?

sandro
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVE-2019-10732.patch
Type: text/x-patch
Size: 4699 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-pim/attachments/20190514/e24cec83/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-pim/attachments/20190514/e24cec83/attachment.sig>

More information about the kde-pim mailing list