Vik Bajaj on Sun, 27 Aug 2000 00:19:41 -0400 (EDT)



[PLUG] PGP ADK Vulnerability.


For full advisory, please see:

http://www.vikbajaj.com/security/incident/august-25/

Architectural Vulnerability in PGP ADK Implementation

SANS Global Incident Analysis Center
http://www.sans.org/giac.htm

August 25, 2000
Vik Bajaj <vikbajaj@mit.edu>

Product:   NAI PGP versions 5.5 - 6.5.3
Scope:     Senders can be tricked into sending encrypted messages readable
           by a third party.

Solution:  Download the latest version of PGP or a patch from http://www.pgp.com
           (commercial) or http://web.mit.edu/network/pgp.html (freeware).
           Alternatively, downgrade to PGP 2, which is not vulnerable.

Summary
-------
A serious architectural vulnerability in all Network Associates Inc. (NAI) 
Version 5 and 6 implementations of Pretty Good Privacy (PGP) has been identified
by Ralf Senderek[1] and confirmed by Bruce Schneier, NAI and others. 

[text deleted]

Acknowledgements
----------------
Chris Brenton    <cbrenton@sover.net>
Danielle Thesier <dthesier@med.upenn.edu>

-V.

______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug