[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
For full advisory, please see: http://www.vikbajaj.com/security/incident/august-25/ Architectural Vulnerability in PGP ADK Implementation SANS Global Incident Analysis Center http://www.sans.org/giac.htm August 25, 2000 Vik Bajaj <vikbajaj@mit.edu> Product: NAI PGP versions 5.5 - 6.5.3 Scope: Senders can be tricked into sending encrypted messages readable by a third party. Solution: Download the latest version of PGP or a patch from http://www.pgp.com (commercial) or http://web.mit.edu/network/pgp.html (freeware). Alternatively, downgrade to PGP 2, which is not vulnerable. Summary ------- A serious architectural vulnerability in all Network Associates Inc. (NAI) Version 5 and 6 implementations of Pretty Good Privacy (PGP) has been identified by Ralf Senderek[1] and confirmed by Bruce Schneier, NAI and others. [text deleted] Acknowledgements ---------------- Chris Brenton <cbrenton@sover.net> Danielle Thesier <dthesier@med.upenn.edu> -V. ______________________________________________________________________ Philadelphia Linux Users Group - http://www.phillylinux.org Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce General Discussion - http://lists.phillylinux.org/mail/listinfo/plug