Lucene search

[email protected]CVE-2005-4151

HistoryDec 10, 2005 - 11:03 a.m.

CVE-2005-4151

2005-12-1011:03:00

[email protected]

web.nvd.nist.gov

wipe free space

pgp desktop

information security

vulnerability

file slack space

local access

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop Professional 9.0.3 Build 2932 and earlier does not clear file slack space in the last cluster for the file, which allows local users to access the previous contents of the disk.

Affected configurations

NVD

Node

pgpdesktopRange≤9.0.3_build_2932professional

pgpdesktopMatch8.0home

pgpdesktopMatch9.0professional

CPENameOperatorVersion
pgp:desktoppgp desktople9.0.3_build_2932
pgp:desktoppgp desktopeq8.0
pgp:desktoppgp desktopeq9.0

CPE	Name	Operator	Version
pgp:desktop	pgp desktop	le	9.0.3_build_2932
pgp:desktop	pgp desktop	eq	8.0
pgp:desktop	pgp desktop	eq	9.0

References

archives.neohapsis.com/archives/fulldisclosure/2005-12/0349.html

metasploit.com/research/vulns/pgp_slackspace/

secunia.com/advisories/17827

www.osvdb.org/21569

www.securityfocus.com/archive/1/419077/100/0/threaded

www.securityfocus.com/archive/1/419282/100/0/threaded

www.securityfocus.com/archive/1/419654/100/0/threaded

www.securityfocus.com/bid/15784

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2005-4151

cvelist1 nvd1