Bugtraq mailing list archives
Re: SERIOUS PGP BUG!
From: Howard Lowndes <lannet () LANNET COM AU>
Date: Sat, 26 Aug 2000 09:59:20 +1000
Just to add to this: PGP-6.5.1i for UNIX is vulnerable -- Howard. ______________________________________________________ LANNet Computing Associates <http://www.lannet.com.au> On Thu, 24 Aug 2000, Phosgene wrote:
In case you have not heard there is a serious bug in some versions of PGP related to additonal decryption keys (ADK). For more information look at John Young's site which details some of this: http://cryptome.org/pgp-badbug.htm Quoting from an email on the site: "Tested versions of PGP: PGP-2.6.3ia UNIX (not vulnerable - doesn't support V4 signatures) PGP-5.0i UNIX (not vulnerable) PGP-5.5.3i WINDOWS (VULNERABLE) PGP-6.5.1i WINDOWS (VULNERABLE) GnuPG-1.0.1 UNIX (not vulnerable)" A paper detailing an aspect of the vulnerability is written by Ralf Senderek: http://senderek.de/security/key-experiments.html and his student Stephen Early <Stephen.Early () cl cam ac uk> seems to have worked on detailing this vulnerability as well on the ukcrypto mailing list. Phosgene
Current thread:
- MDKSA-2000:038 - xlockmore update Linux Mandrake Security Team (Aug 23)
- SERIOUS PGP BUG! Phosgene (Aug 24)
- Re: SERIOUS PGP BUG! Howard Lowndes (Aug 26)
- SERIOUS PGP BUG! Phosgene (Aug 24)