[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date
][Minivend by thread
]
[mv] Fw: Re: SERIOUS PGP BUG!
****** message to minivend-users from "birgitt" <birgitt@cais.com> ******
----- Original Message -----
From: Howard Lowndes <lannet@LANNET.COM.AU>
To: <BUGTRAQ@SECURITYFOCUS.COM>
Sent: Friday, August 25, 2000 7:59 PM
Subject: Re: SERIOUS PGP BUG!
> Just to add to this:
>
> PGP-6.5.1i for UNIX is vulnerable
>
> --
> Howard.
> ______________________________________________________
> LANNet Computing Associates <http://www.lannet.com.au>
>
> On Thu, 24 Aug 2000, Phosgene wrote:
>
> > In case you have not heard there is a serious bug in some versions of PGP
> > related to additonal decryption keys (ADK).
> > For more information look at John Young's site which details some of this:
> > http://cryptome.org/pgp-badbug.htm
> >
> > Quoting from an email on the site:
> >
> > "Tested versions of PGP:
> > PGP-2.6.3ia UNIX (not vulnerable - doesn't support V4 signatures)
> > PGP-5.0i UNIX (not vulnerable)
> > PGP-5.5.3i WINDOWS (VULNERABLE)
> > PGP-6.5.1i WINDOWS (VULNERABLE)
> > GnuPG-1.0.1 UNIX (not vulnerable)"
> >
> > A paper detailing an aspect of the vulnerability is written by Ralf
> > Senderek: http://senderek.de/security/key-experiments.html and his student
> > Stephen Early <Stephen.Early@cl.cam.ac.uk> seems to have worked on
> > detailing this vulnerability as well on the ukcrypto mailing list.
> >
> > Phosgene
> >
>
-
To unsubscribe from the list, DO NOT REPLY to this message. Instead, send
email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
Archive of past messages: http://www.minivend.com/minivend/minivend-list
