PGP ASCII Armor解析器创建任意文件漏洞

漏洞信息详情

PGP ASCII Armor解析器创建任意文件漏洞

• CNNVD编号：CNNVD-200106-101
• 危害等级： 低危
  
  
• CVE编号：
  CVE-2001-0265
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2001-06-18
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2006-09-22
  
• 厂        商：
  
  pgp
• 漏洞来源：
  Discovered by Chri…

Windows PGP 7.0.3及其早期版本的ASCII Armor解析器存在漏洞。攻击者可以借助畸形ASCII装甲文件在任意位置创建文件。

Network Associates has released a patch which rectifies this issue. The patch is for PGP under the Windows platform for Freeware version 7.0.3 and Desktop Security version 7.0.4:
Network Associates PGP 7.0.3

• Network Associates PGPfreeware703Hotfix1
  
  http://download.nai.com/products/freeware/pgp/windows/version_7.03/hot
  fix/PGPfreeware703Hotfix1.zip

Network Associates PGP 7.0.4

• Network Associates PGPDS704Hotfix1
  
  http://download.nai.com/products/licensed/pgp/desktop_security/windows
  /version_7.04/hotfix/PGPDS704Hotfix1.zip

来源: ATSTAKE
名称: A040901-1
链接:http://www.atstake.com/research/advisories/2001/a040901-1.txt

来源: XF
名称: pgp-armor-code-execution(6643)
链接:http://xforce.iss.net/static/6643.php

来源: BID
名称: 2556
链接:http://www.securityfocus.com/bid/2556

来源: OSVDB
名称: 1782
链接:http://www.osvdb.org/1782