PGP Desktop Signed Data Spoofing Vulnerability Network Vulnerability

Summary

This host is running PGP Desktop and is prone to signed data spoofing Vulnerability

Impact

Successful exploitation will allow attacker to spoof signed data by concatenating an additional message to the end of a legitimately signed message.

Solution

Upgrade to version 10.0.3 SP2, 10.1.0 SP1 or higher, For updates refer to http://www.pgp.com/products/desktop/index.html

Insight

This flaw is caused by an error when verifying encrypted or signed data, which could allow attackers to insert unsigned packets or encrypted data into an OpenPGP message containing signed and/or encrypted data.

Affected

PGP Desktop version 10.0.x to 10.0.3 and 10.1.0

References

http://www.kb.cert.org/vuls/id/300785
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101118_00
http://www.vupen.com/english/advisories/2010/3026

Updated on 2017-03-28

Severity

Classification

CVE CVE-2010-3618

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Asterisk SIP Response Username Enumeration Remote Information Disclosure Vulnerability
Asterisk Missing ACL Check Remote Security Bypass Vulnerability
Asterisk CIDR Notation in Access Rule Remote Security Bypass Vulnerability
Apple Safari 'javascript: URI' XSS Vulnerability - Sep09
Adobe Reader Multiple Vulnerabilities - Aug07 (Windows)

Take action and discover your vulnerabilities