Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2001-1016
Last Modified 05 Sep 2008 04:25:28
Published 04 Sep 2001 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1016

Summary

PGP Corporate Desktop before 7.1, Personal Security before 7.0.3, Freeware before 7.0.3, and E-Business Server before 7.1 do not properly display when invalid user IDs are used to sign a message, which could allow an attacker to make the user believe that the document has been signed by a trusted third party by adding a second, invalid user ID to a key which has already been signed by the third party, aka the "PGPsdk Key Validity Vulnerability."

Vulnerable Systems

Application

  • PGP 5.0

  • PGP 6.0.2

  • PGP Corporate Desktop 7.1

  • PGP E-Business Server 6.5.8

  • PGP E-Business Server 7.0.4

  • PGP E-Business Server 7.1

  • PGP Freeware 7.0.3

  • PGP Personal Security 7.0.3


References

XF - pgp-invalid-key-display(7081)

BID - 3280

BUGTRAQ - 20010904 PGPsdk Key Validity Vulnerability

CONFIRM - http://www.pgp.com/support/product-advisories/pgpsdk.asp

OSVDB - 1946


Last Updated: 27 May 2016 10:36:29