COMMAND
PGP
SYSTEMS AFFECTED
PGP Certificate Server Version 2.5.0, 2.5.1 *Solaris/Windows*
PROBLEM
The Ussr Labs team has discovered a null memory problem in the
PGP Certificate Server. If anyone connects to the PGP Certificate
Server Command Port (used to manage server operations, port 4000
by default) and the server is unable to resolve the client's IP
address to a host name, the process containing the services
crashes. Example follows.
Deny every way of resolving your IP address to a host name, then
connect to port 4000 on the server. The process containing the
services crashes, and you will see something like this on the
server:
http://www.ussrback.com/pgpbug.jpg
SOLUTION
Network Associates has released a patch for this vulnerability.
Users should contact Network Associates Technical Support at
1-800-722-3709 for information.