• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

PGP / GnuPG Chosen Ciphertext Message Disclosure Vulnerability

Bugtraq ID:	5446
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Aug 12 2002 12:00AM
Updated:	Aug 12 2002 12:00AM
Credit:	Published by K. Jallad, J. Katz, and B. Schneier.
Vulnerable:	Network Associates PGP Freeware 7.0.3 - Apple Mac OS 9 9.0 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 SR2 - Microsoft Windows 98 b - Microsoft Windows 98 - Microsoft Windows 98SE - Microsoft Windows ME - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 Network Associates PGP 7.1.1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Network Associates PGP 7.1 Network Associates PGP 7.0.4 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 Network Associates PGP 7.0.3 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 Network Associates PGP 7.0 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Network Associates PGP 6.5.8 - HP HP-UX 10.0 - IBM AIX 4.3 - Linux kernel 2.3 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 - RedHat Linux 7.0 - Sun Solaris 8 Network Associates PGP 6.5.3 i for Windows - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 Network Associates PGP 6.5.3 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 Network Associates PGP 6.5.1 i for Unix Network Associates PGP 6.5.1 i - HP HP-UX 11.0 - IBM AIX 4.3 - Linux kernel 2.3 - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 - RedHat Linux 7.0 - Sun Solaris 8 Network Associates PGP 6.5 Linux Network Associates PGP 6.0.2 i - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 Network Associates PGP 6.0.2 - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 Network Associates PGP 5.5.5 - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 Network Associates PGP 5.5.3 i for Windows - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 Network Associates PGP 5.5.3 i - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 Network Associates PGP 5.0 i - HP HP-UX 11.0 - IBM AIX 4.3 - Linux kernel 2.3 - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 - RedHat Linux 7.0 - Sun Solaris 8 Network Associates PGP 5.0 Linux Network Associates PGP 5.0 - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 IETF OpenPGP RFC 2440 GNU GNU Privacy Guard 1.0.7 + Conectiva Linux 8.0 + Conectiva Linux 7.0 + MandrakeSoft apcupsd 2006.0 + MandrakeSoft Corporate Server 2.1 x86_64 + MandrakeSoft Corporate Server 2.1 + MandrakeSoft Linux Mandrake 9.0 + MandrakeSoft Linux Mandrake 8.2 ppc + MandrakeSoft Linux Mandrake 8.2 + MandrakeSoft Multi Network Firewall 2.0 + OpenPKG OpenPKG 1.1 + RedHat Enterprise Linux AS 2.1 IA64 + RedHat Enterprise Linux AS 2.1 + RedHat Enterprise Linux ES 2.1 IA64 + RedHat Enterprise Linux ES 2.1 + RedHat Enterprise Linux WS 2.1 IA64 + RedHat Enterprise Linux WS 2.1 + RedHat Linux 8.0 i386 + RedHat Linux 7.3 i386 + RedHat Linux 7.2 ia64 + RedHat Linux 7.2 i386 + RedHat Linux 7.1 i386 + RedHat Linux Advanced Work Station 2.1 + Sun Linux 5.0.5 + Turbolinux Turbolinux Server 8.0 + Turbolinux Turbolinux Server 7.0 + Turbolinux Turbolinux Server 6.5 + Turbolinux Turbolinux Server 6.1 + Turbolinux Turbolinux Workstation 8.0 + Turbolinux Turbolinux Workstation 7.0 + Turbolinux Turbolinux Workstation 6.0 GNU GNU Privacy Guard 1.0.6 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 GNU GNU Privacy Guard 1.0.5 - Caldera OpenLinux 2.4 - Caldera OpenLinux 2.3 - Caldera OpenLinux eBuilder 3.0 - Conectiva Linux 6.0 - Conectiva Linux 5.1 - Conectiva Linux 5.0 - Conectiva Linux 4.2 - Conectiva Linux 4.1 - Conectiva Linux 4.0 es - Conectiva Linux 4.0 - Conectiva Linux graficas - Conectiva Linux ecommerce - Debian Linux 2.2 sparc - Debian Linux 2.2 powerpc - Debian Linux 2.2 arm - Debian Linux 2.2 alpha - Debian Linux 2.2 68k - Debian Linux 2.2 - Immunix Immunix OS 7.0 beta - Immunix Immunix OS 7.0 - Immunix Immunix OS 6.2 - MandrakeSoft Corporate Server 1.0.1 - MandrakeSoft Linux Mandrake 8.1 - MandrakeSoft Linux Mandrake 8.0 ppc - MandrakeSoft Linux Mandrake 8.0 - MandrakeSoft Linux Mandrake 7.2 - MandrakeSoft Linux Mandrake 7.1 - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows ME - RedHat Linux 7.1 i386 - RedHat Linux 7.1 - RedHat Linux 7.0 i386 - RedHat Linux 7.0 alpha - RedHat Linux 7.0 - RedHat Linux 6.2 sparc - RedHat Linux 6.2 i386 - RedHat Linux 6.2 alpha - RedHat Linux 6.2 - S.u.S.E. Linux 7.1 - S.u.S.E. Linux 7.0 - S.u.S.E. Linux 6.4 - S.u.S.E. Linux 6.3 - Trustix Secure Linux 1.2 - Trustix Secure Linux 1.1 GNU GNU Privacy Guard 1.0.4 - Turbolinux Turbolinux 6.0.5 - Turbolinux Turbolinux Server 6.5 - Turbolinux Turbolinux Workstation 6.1 GNU GNU Privacy Guard 1.0.3 b GNU GNU Privacy Guard 1.0.3 GNU GNU Privacy Guard 1.0.2 GNU GNU Privacy Guard 1.0.1 GNU GNU Privacy Guard 1.0
Not Vulnerable: