|
PGP Corporate Desktop 7.1.1 has remotely exploitable buffer overflow
|
|
Secunia Advisory:
|
SA7073
|
|
|
Release Date:
|
2002-09-05
|
|
Last Update:
|
2003-11-06
|
|
Popularity:
|
3,459 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | PGP 7.x
PGP Corporate Desktop 7.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2002-0850
|
|
Description:
PGP does not properly handle the length of filenames, because of this it is possible to cause a buffer overflow.
The buffer overflow, could potentially be used to execute arbitrary code on the client system which tries to decrypt the file.
By default PGP writes the version number in keyblocks, thus it is possible to search for users og PGP keyservers which run vulnerable version 7.1.1
Solution:
PGP Corporation has supplied a hot fix:
http://www.nai.com/naicommon/download/upgrade/patches/patch-pgphotfix.asp
We recommend that you apply this patch immidiatedly.
Provided and/or discovered by:
Foundstone Labs
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
