CVE-2005-4151

The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop Professional 9.0.3 Build 2932 and earlier does not clear file slack space in the last cluster for the file, which allows local users to access the previous contents of the disk.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0349.html
http://metasploit.com/research/vulns/pgp_slackspace/	Exploit
http://secunia.com/advisories/17827	Vendor Advisory
http://www.osvdb.org/21569
http://www.securityfocus.com/archive/1/419077/100/0/threaded
http://www.securityfocus.com/archive/1/419282/100/0/threaded
http://www.securityfocus.com/archive/1/419654/100/0/threaded
http://www.securityfocus.com/bid/15784	Exploit

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:pgp:desktop:::professional:::::*
	cpe:2.3:a:pgp:desktop:8.0::home:::::
	cpe:2.3:a:pgp:desktop:9.0::professional:::::

History

No history.

Information

Published : 2005-12-10 11:03

Updated : 2018-10-19 15:40

NVD link : CVE-2005-4151

Mitre link : CVE-2005-4151

CVE.ORG link : CVE-2005-4151

JSON object : View

Products Affected

pgp

desktop

CWE

NVD-CWE-Other

{"id": "CVE-2005-4151", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-12-10T11:03:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0349.html", "source": "cve@mitre.org"}, {"url": "http://metasploit.com/research/vulns/pgp_slackspace/", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/17827", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/21569", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/419077/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/419282/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/419654/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/15784", "tags": ["Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop Professional 9.0.3 Build 2932 and earlier does not clear file slack space in the last cluster for the file, which allows local users to access the previous contents of the disk."}], "lastModified": "2018-10-19T15:40:27.643", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pgp:desktop:*:*:professional:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "863BBA4B-AB73-45A2-A740-6D32D57BF1D2", "versionEndIncluding": "9.0.3_build_2932"}, {"criteria": "cpe:2.3:a:pgp:desktop:8.0:*:home:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0745A00E-1A44-475D-A39B-6597CDB27AEC"}, {"criteria": "cpe:2.3:a:pgp:desktop:9.0:*:professional:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B5BCE69-AA38-4321-8B95-A3CFDFCBC9E8"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}