[Tech] FW: SERIOUS PGP BUG!
Franco Vite
franco.vite@tin.it
Sab 26 Ago 2000 18:51:40 CEST
Uella', pure il pinguino!
--
ciao Franco
gpg fgpr DE14 622C 623F 0E02 69BA D893 6934 A41A BFD2 6C56
pgp fgpr BFAE DA36 5C14 FD9B 1063 107E CCCE 0525 9C4D 3E9C
<bash# killall -HUP my_little_brain>
----------
> Da: Howard Lowndes <lannet@LANNET.COM.AU>
> Risposta: Howard Lowndes <lannet@LANNET.COM.AU>
> Data: Sat, 26 Aug 2000 09:59:20 +1000
> A: BUGTRAQ@SECURITYFOCUS.COM
> Oggetto: Re: SERIOUS PGP BUG!
>
> Just to add to this:
>
> PGP-6.5.1i for UNIX is vulnerable
>
> --
> Howard.
> ______________________________________________________
> LANNet Computing Associates <http://www.lannet.com.au>
>
> On Thu, 24 Aug 2000, Phosgene wrote:
>
>> In case you have not heard there is a serious bug in some versions of PGP
>> related to additonal decryption keys (ADK).
>> For more information look at John Young's site which details some of this:
>> http://cryptome.org/pgp-badbug.htm
>>
>> Quoting from an email on the site:
>>
>> "Tested versions of PGP:
>> PGP-2.6.3ia UNIX (not vulnerable - doesn't support V4 signatures)
>> PGP-5.0i UNIX (not vulnerable)
>> PGP-5.5.3i WINDOWS (VULNERABLE)
>> PGP-6.5.1i WINDOWS (VULNERABLE)
>> GnuPG-1.0.1 UNIX (not vulnerable)"
>>
>> A paper detailing an aspect of the vulnerability is written by Ralf
>> Senderek: http://senderek.de/security/key-experiments.html and his student
>> Stephen Early <Stephen.Early@cl.cam.ac.uk> seems to have worked on
>> detailing this vulnerability as well on the ukcrypto mailing list.
>>
>> Phosgene
>>
Maggiori informazioni sulla lista
flug-tech