PGP4pine Encryption Failure Vulnerability
BID:2405
Info
PGP4pine Encryption Failure Vulnerability
| Bugtraq ID: | 2405 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 20 2001 12:00AM |
| Updated: | Feb 20 2001 12:00AM |
| Credit: | Reported to bugtraq by V. Alex Brennen <[email protected]> on Tue, 20 Feb 2001 |
| Vulnerable: |
Holger Lamm pgp4pine 1.75.6 |
| Not Vulnerable: | |
Discussion
PGP4pine Encryption Failure Vulnerability
A version pgp4pine fails to properly report error messages from Gnu Privacy Guard with respect to a failure of the encryption process. An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext.
A version pgp4pine fails to properly report error messages from Gnu Privacy Guard with respect to a failure of the encryption process. An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext.
Exploit / POC
PGP4pine Encryption Failure Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
PGP4pine Encryption Failure Vulnerability
Solution:
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution:
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
References
PGP4pine Encryption Failure Vulnerability
References:
References: