CVE-2001-1320

Network Associates PGP Keyserver 7.0 - DoS, RCE

Title source: llm

Description

Network Associates PGP Keyserver 7.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via exceptional BER encodings (possibly buffer overflows), as demonstrated by the PROTOS LDAPv3 test suite.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16823

View Code ZIP pw:eip

metasploit WORKING POC GOOD

by aushack · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ldap/pgp_keyserver7.rb

View Code ZIP pw:eip

References (7)

[Patch, Vendor Advisory] http://ciac.llnl.gov/ciac/bulletins/l-116.shtml

[Third Party Advisory, US Government Resource] http://www.cert.org/advisories/CA-2001-18.html

[US Government Resource] http://www.kb.cert.org/vuls/id/765256

[US Government Resource] http://www.kb.cert.org/vuls/id/JPLA-4WESNK

[Vendor Advisory] http://www.securityfocus.com/bid/3046

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/6900

[Various Sources] http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/

Scores

EPSS 0.6669

EPSS Percentile 98.5%

Classification

Status draft

Affected Products (1)

pgp/keyserver

Timeline

Published Jul 16, 2001

Tracked Since Feb 18, 2026