Vulnerabilities > CVE-2001-1320 - Buffer Overflow vulnerability in PGP Keyserver 7.0

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
pgp
exploit available
metasploit

Summary

Network Associates PGP Keyserver 7.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via exceptional BER encodings (possibly buffer overflows), as demonstrated by the PROTOS LDAPv3 test suite.

Vulnerable Configurations

Part Description Count
Application
Pgp
1

Exploit-Db

descriptionNetwork Associates PGP KeyServer 7 LDAP Buffer Overflow. CVE-2001-1320. Remote exploit for windows platform
idEDB-ID:16823
last seen2016-02-02
modified2010-11-14
published2010-11-14
reportermetasploit
sourcehttps://www.exploit-db.com/download/16823/
titleNetwork Associates PGP KeyServer 7 LDAP Buffer Overflow

Metasploit

descriptionThis module exploits a stack buffer overflow in the LDAP service that is part of the NAI PGP Enterprise product suite. This module was tested against PGP KeyServer v7.0. Due to space restrictions, egghunter is used to find our payload - therefore you may wish to adjust WfsDelay.
idMSF:EXPLOIT/WINDOWS/LDAP/PGP_KEYSERVER7
last seen2019-11-22
modified2017-11-08
published2010-11-04
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/ldap/pgp_keyserver7.rb
titleNetwork Associates PGP KeyServer 7 LDAP Buffer Overflow

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/95519/pgp_keyserver7.rb.txt
idPACKETSTORM:95519
last seen2016-12-05
published2010-11-05
reporterpatrick
sourcehttps://packetstormsecurity.com/files/95519/Network-Associates-PGP-KeyServer-7-LDAP-Buffer-Overflow.html
titleNetwork Associates PGP KeyServer 7 LDAP Buffer Overflow