Bugtraq mailing list archives
SERIOUS PGP BUG!
From: Phosgene <phosgene () SETEC ORG>
Date: Thu, 24 Aug 2000 10:28:51 -0400
In case you have not heard there is a serious bug in some versions of PGP related to additonal decryption keys (ADK). For more information look at John Young's site which details some of this: http://cryptome.org/pgp-badbug.htm Quoting from an email on the site: "Tested versions of PGP: PGP-2.6.3ia UNIX (not vulnerable - doesn't support V4 signatures) PGP-5.0i UNIX (not vulnerable) PGP-5.5.3i WINDOWS (VULNERABLE) PGP-6.5.1i WINDOWS (VULNERABLE) GnuPG-1.0.1 UNIX (not vulnerable)" A paper detailing an aspect of the vulnerability is written by Ralf Senderek: http://senderek.de/security/key-experiments.html and his student Stephen Early <Stephen.Early () cl cam ac uk> seems to have worked on detailing this vulnerability as well on the ukcrypto mailing list. Phosgene
Current thread:
- MDKSA-2000:038 - xlockmore update Linux Mandrake Security Team (Aug 23)
- SERIOUS PGP BUG! Phosgene (Aug 24)
- Re: SERIOUS PGP BUG! Howard Lowndes (Aug 26)
- SERIOUS PGP BUG! Phosgene (Aug 24)