NAI PGP Certificate Server Unresolvable IP DoS

medium Nessus Plugin ID 10442

Synopsis

The remote service is vulnerable to a denial of service.

Description

It was possible to make the remote PGP Cert Server crash by spoofing a TCP connection that seems to come from an unresolvable IP address.

An attacker may use this flaw to prevent your PGP certificate server from working properly.

Solution

Upgrade to the latest version.

Plugin Details

Severity: Medium

ID: 10442

File Name: PGPCert_DoS.nasl

Version: 1.27

Type: remote

Published: 6/22/2000

Updated: 10/7/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2000-0543

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Vulnerability Information

CPE: cpe:/a:pgp:certificate_server

Exploit Ease: No known exploits are available

Patch Publication Date: 6/14/2000

Vulnerability Publication Date: 6/14/2000

Reference Information

CVE: CVE-2000-0543

BID: 1343