VULHUB ™

The implementation of Internet Key Exchange (IKE) used by the PGPFreeware VPN client is reported to be prone to a buffer overflow when handling malformed IKE response packets. An attacker may potentially exploit this condition to execute arbitrary code on a client system or cause a denial of service. Other vendor products are reported to be affected by similar issues. Bugtraq ID(s) 5440, 5441, 5443 describe similar issues with regards to the handling of malformed IKE response packets. There are currently not enough details available to determine if PGPFreeware is affected by any of these specific issues. This issue was reported in PGPFreeware 7.03 running on Windows NT 4.0 SP6. Other versions and platforms may also be affected.

The implementation of Internet Key Exchange (IKE) used by the PGPFreeware VPN client is reported to be prone to a buffer overflow when handling malformed IKE response packets. An attacker may potentially exploit this condition to execute arbitrary code on a client system or cause a denial of service. Other vendor products are reported to be affected by similar issues. Bugtraq ID(s) 5440, 5441, 5443 describe similar issues with regards to the handling of malformed IKE response packets. There are currently not enough details available to determine if PGPFreeware is affected by any of these specific issues. This issue was reported in PGPFreeware 7.03 running on Windows NT 4.0 SP6. Other versions and platforms may also be affected.