Vulnerability Details

ID: CVE-2002-2069

Last Modified: Sept. 5, 2008

Open in new window

Description

PGP 6.x and 7.x does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.

CVSS V2

Access Vector: Network

Access Complexity: Low

Authentication: None

Confidentiality Impact: Partial

Integrity Impact: None

Availability Impact: None

Base Score: 5.0

Exploitability Score: 10.0

Impact Score: 2.9

CVSS V2: AV:N/AC:L/Au:N/C:P/I:N/A:N

Specialize CVSS-Score

CWE-ID

NVD-CWE-Other

Configuration

Condition		Configuration
OR
OR
	cpe:2.3:a:pgp:pgp:7.0.3:::::::* Part: a Product: pgp Vendor: pgp Version: 7.0.3	Alle Schwachstellen für pgp
	cpe:2.3:a:pgp:pgp:6.5.2a:::::::* Part: a Product: pgp Vendor: pgp Version: 6.5.2a	Alle Schwachstellen für pgp
	cpe:2.3:a:pgp:pgp:6.5.1i:::::::* Part: a Product: pgp Vendor: pgp Version: 6.5.1i	Alle Schwachstellen für pgp
	cpe:2.3:a:pgp:pgp:6.5.1:::::::* Part: a Product: pgp Vendor: pgp Version: 6.5.1	Alle Schwachstellen für pgp
	cpe:2.3:a:pgp:pgp:7.0:::::::* Part: a Product: pgp Vendor: pgp Version: 7.0	Alle Schwachstellen für pgp
	cpe:2.3:a:pgp:pgp:6.5.8:::::::* Part: a Product: pgp Vendor: pgp Version: 6.5.8	Alle Schwachstellen für pgp
	cpe:2.3:a:pgp:pgp:6.5.3:::::::* Part: a Product: pgp Vendor: pgp Version: 6.5.3	Alle Schwachstellen für pgp

Pre-Condition

                    <?xml version="1.0" ?>
<set operator="and">
    <set operator="or">
        <prop key="application" value="cpe:2.3:a:pgp:pgp:7.0.3:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:pgp:pgp:6.5.2a:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:pgp:pgp:6.5.1i:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:pgp:pgp:6.5.1:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:pgp:pgp:7.0:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:pgp:pgp:6.5.8:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:pgp:pgp:6.5.3:*:*:*:*:*:*:*"/>
    </set>
    <prop key="program_influence" value="input"/>
    <prop key="range" value="remote"/>
</set>

Post-Condition

                      <?xml version="1.0" ?>
<set operator="and">
    <set operator="or">
        <prop key="application" value="cpe:2.3:a:pgp:pgp:7.0.3:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:pgp:pgp:6.5.2a:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:pgp:pgp:6.5.1i:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:pgp:pgp:6.5.1:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:pgp:pgp:7.0:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:pgp:pgp:6.5.8:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:pgp:pgp:6.5.3:*:*:*:*:*:*:*"/>
    </set>
    <prop key="program_influence" value="input"/>
    <prop key="data" value="any"/>
    <prop key="data_influence" value="read"/>
    <prop key="range" value="remote"/>
</set>