PGP Desktop Signed Data Spoofing Vulnerability Network Vulnerability

Summary

This host is running PGP Desktop and is prone to signed data spoofing Vulnerability

Impact

Successful exploitation will allow attacker to spoof signed data by concatenating an additional message to the end of a legitimately signed message.

Solution

Upgrade to version 10.0.3 SP2, 10.1.0 SP1 or higher, For updates refer to http://www.pgp.com/products/desktop/index.html

Insight

This flaw is caused by an error when verifying encrypted or signed data, which could allow attackers to insert unsigned packets or encrypted data into an OpenPGP message containing signed and/or encrypted data.

Affected

PGP Desktop version 10.0.x to 10.0.3 and 10.1.0

References

http://www.kb.cert.org/vuls/id/300785
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101118_00
http://www.vupen.com/english/advisories/2010/3026

Updated on 2017-03-28

Severity

Classification

CVE CVE-2010-3618

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Tomcat Multiple Vulnerabilities-01 (Nov14)
Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Linux)
Apache Tomcat AJP Request Remote Denial Of Service Vulnerability
Adobe Reader Multiple Vulnerabilities - Aug07 (Linux)
Apple Safari Multiple Memory Corruption Vulnerabilities-02 Apr14 (Mac OS X)

Take action and discover your vulnerabilities