David E. Ross
2010-11-28 19:40:20 UTC
There is a serious security vulnerability in PGP 10.0.3 Desktop. This
is reported in PGP Advisory SYM10-012 at
<http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101118_00>
and in US-CERT Vulnerability Note VU#300785 at
The PGP Desktop user interface incorrectly displays
messages with unsigned data as signed. A user will
not be able to distinguish the legitimate signed part
from the malicious unsigned parts.
That is, data can be inserted into a previously signed message or file.
The signature will still verify.
A patch is available from PGP for the paid version of PGP 10.0.3
Desktop. Does anyone know how to get the patch for the unpaid trial
version under Windows XP?
--
David E. Ross
<http://www.rossde.com/>.
Anyone who thinks government owns a monopoly on inefficient, obstructive
bureaucracy has obviously never worked for a large corporation.
© 1997 by David E. Ross
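An added example, not part of the original post or of PGP's own code: a structural check in Python that accepts a binary OpenPGP message only when its top-level packets form exactly one signed-message sequence from RFC 4880, so data sitting outside the signed part is flagged rather than shown as signed. It assumes the inserted data appears as additional top-level packets (the post does not say how it is inserted) and handles uncompressed messages only; `read_packets`, `check_signed_message`, `_pkt` and the sample bytes are constructed for illustration.

```python
# Added example: structural check only; it does NOT verify the signature itself.
SIGNATURE, ONE_PASS_SIG, LITERAL = 2, 4, 11   # RFC 4880 packet tags

def read_packets(data):
    """Yield (tag, body) for each top-level packet in `data` (bytes)."""
    pos = 0
    while pos < len(data):
        first = data[pos]; pos += 1
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if first & 0x40:                       # new-format header
            tag, o1 = first & 0x3F, data[pos]; pos += 1
            if o1 < 192:
                length = o1
            elif o1 < 224:
                length = ((o1 - 192) << 8) + data[pos] + 192; pos += 1
            elif o1 == 255:
                length = int.from_bytes(data[pos:pos + 4], "big"); pos += 4
            else:
                raise ValueError("partial body length: not handled here")
        else:                                  # old-format header
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length: not handled here")
            n = 1 << ltype                     # 1, 2 or 4 length octets
            length = int.from_bytes(data[pos:pos + n], "big"); pos += n
        if pos + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[pos:pos + length]
        pos += length

def check_signed_message(data):
    """Return (ok, tags): ok only for exactly one signed-message sequence."""
    try:
        tags = [tag for tag, _ in read_packets(data)]
    except (ValueError, IndexError):
        return False, None                     # malformed input is rejected
    allowed = ([ONE_PASS_SIG, LITERAL, SIGNATURE], [SIGNATURE, LITERAL])
    return tags in allowed, tags

def _pkt(tag, body):                           # assumed helper for the samples
    return bytes([0xC0 | tag, len(body)]) + body

# Constructed samples; the bodies are placeholders, not real signatures.
CLEAN = _pkt(ONE_PASS_SIG, b"ops") + _pkt(LITERAL, b"signed text") + _pkt(SIGNATURE, b"sig")
TAMPERED = _pkt(LITERAL, b"unsigned text") + CLEAN

if __name__ == "__main__":
    print(check_signed_message(CLEAN), check_signed_message(TAMPERED))
```

A message that passes this check still needs normal signature verification; the check only guarantees that nothing outside the signed sequence is present to be displayed.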