 |
|
|
|
TITLE:
PGP Desktop Wipe Free Space Security Issue
SECUNIA ADVISORY ID:
SA17827
VERIFY ADVISORY:
http://secunia.com/advisories/17827/
CRITICAL:
Less critical
IMPACT:
Exposure of sensitive information
WHERE:
Local system
SOFTWARE:
PGP Corporate Desktop 8.x
http://secunia.com/product/2514/
PGP Corporate Desktop 9.x
http://secunia.com/product/6432/
DESCRIPTION:
Vinnie Liu has reported a security issue in PGP Desktop, which can be
exploited by malicious people to disclose potentially sensitive
information.
The security issue is caused due to data contained within the slack
space of files on a NTFS drive not being correctly wiped when the
Wipe Free Space tool is used. This can potentially be exploited to
disclose the contents of any information that is contained within the
slack space.
The security issue has been reported in the following versions.
* PGP Desktop Professional 9.0.3 Build 2932.
* PGP Desktop 8.x
SOLUTION:
Data on disks that are no longer needed should be wiped at the disk
level to ensure that they cannot be recovered.
PROVIDED AND/OR DISCOVERED BY:
Vinnie Liu
ORIGINAL ADVISORY:
http://metasploit.com/research/vulns/pgp_slackspace/
http://metasploit.com/projects/antiforensics/BH2005-Catch_Me_If_You_Can.ppt
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
|
|
|
|
|
|
|
|
