PGP Certificate Server Advisory: Remote Crash Threat Mitigated

A recent report by the Underground Security Systems Research group identifies a weakness in the PGP Certificate Server code that can allow a malicious user to crash the authentication server. Network Associates has released a patch that prevents this particular vulnerability. . . . A recent report by the Underground Security Systems Research group identifies a weakness in the PGP Certificate Server code that can allow a malicious user to crash the authentication server. Network Associates has released a patch that prevents this particular vulnerability. With testing help from KeyLabs, BugNet was able to validate this bug.

PGP Certificate Server is a software package that allows Web sites to authenticate their users. It provides certificate management services that ensure the user connecting to a Web site is, in fact, the legitimate registered user. Sites that would typically use software like this would be Internet retailers, online banks and B2B sites where security is essential.