                   
                     PGP Certificate Server 2.5.1
                Denial of Service Vulnerability Hotfix
          Copyright (c) 2000 by Network Associates Technology, Inc.,
          and its Affiliated Companies. All Rights Reserved.


Thank you for using PGP Certificate Server 2.5.1. This Hotfix.txt file
contains important information regarding PGP Certificate Server 
2.5.1. Network Associates strongly recommends that
you read the entire document.

Network Associates welcomes your comments and suggestions. Please use 
the information provided in this file to contact us.

___________________
WHAT'S IN THIS FILE

- About This Hotfix
- Issues Resolved in This Hotfix
- Installing the Hotfix
- Contacting Network Associates

_________________
ABOUT THIS HOTFIX

This hotfix consists of a single compressed file
(certsrv252patch.tar.gz) which you decompress using an extraction
utility such as gzip. The compressed file contains a new version of
the pgpcertd and pgprepd executables.

If you have any problems with the hotfix, please contact Network 
Associates immediately. Contact information is listed at the end of 
this file.

______________________________
ISSUES RESOLVED IN THIS HOTFIX

Issue # 1
This HotFix resolves a potential Denial of Service vulnerability in 
PGP Certificate Server 2.5.1 for Solaris. This may occur when 
devices attempt to connect to the PGP Certificate Server management
port (port 4000 by default) if incoming DNS/NetBIOS traffic is 
blocked to the PGP Certificate Server.

Issue # 2 
This HotFix resolves a potential Denial of Service vulnerability in
PGP Certificate Server 2.5.1 for Solaris. This may occur when
devices attempt to connect to the PGP Replication
port (port 5000 by default) if incoming DNS/NetBIOS traffic is
blocked to the PGP Certificate Server.


Issue # 3
This HotFix resolves a replication looping issue which may occur with 
two way replication on PGP Certificate Server 2.5.1 when revoked keys
are added to the server.



_____________________
INSTALLING THE HOTFIX

* INSTALLATION REQUIREMENTS *

Before you install this Hotfix, verify that you have PGP Certificate
Server 2.5.1 installed. The Hotfix consists of a single compressed 
file (certsrv252patch.tar.gz) which you decompress using an extraction 
utility such as gzip. When you extract the certsrv252patch.tar.gz file
you will obtain two executables: pgpcertd and pgprepd. These
executables will replace the existing versions of the pgpcertd and 
pgprepd files on your machine. To perform the installation of the 
Hotfix, follow the instructions below.

1. Stop the PGP Certificate Server.

2. Stop the Replication engine.

3. Go to the /opt/PGPcertd/bin/pgpcertd file. Rename this file to
   pgpcertd.old.

4. Extract the first hotfix zip file (pgpcertd) into the
   /opt/PGPcertd/bin/ directory.
 
5. Change the permissions on this file to executable, i.e. 
   chmod u+x pgpcertd.

6. Extract the first hotfix zip file (pgprepd) into the
   /opt/PGPcertd/bin/ directory.
 
7. Change the permissions on this file to executable, i.e. 
   chmod u+x pgprepd.

8. Re-start PGP Certificate Server.

9. Re-start the Replication engine.

10. Delete pgpcertd.old and pgprepd.old files.
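
Steps 3 through 7 as a script with a rollback path. This is an added
example, not Network Associates code: the function names apply_hotfix
and rollback_hotfix are hypothetical, and the script assumes that
pgpcertd and pgprepd sit at the top level of the archive. Step 10
deletes both .old files, so the script saves a .old copy of both
executables.

```shell
#!/bin/sh
# Added example (not Network Associates code). Covers steps 3-7 only: the
# page gives no stop/start commands, so steps 1-2 and 8-9 stay manual.
# Assumption: pgpcertd and pgprepd sit at the top level of the archive.

# rollback_hotfix BIN_DIR: put back whichever .old copies exist.
rollback_hotfix() {
    for f in pgpcertd pgprepd; do
        if [ -f "$1/$f.old" ]; then mv -f "$1/$f.old" "$1/$f"; fi
    done
    return 0
}

# apply_hotfix BIN_DIR ARCHIVE
#   BIN_DIR  e.g. /opt/PGPcertd/bin    ARCHIVE  e.g. certsrv252patch.tar.gz
apply_hotfix() {
    bin_dir=$1
    archive=$2
    stage=$(mktemp -d) || return 1

    # Unpack into a staging directory so a truncated or wrong archive never
    # touches the installed binaries. gzip | tar also works where tar lacks -z.
    gzip -dc "$archive" | (cd "$stage" && tar xf -) || { rm -rf "$stage"; return 1; }
    for f in pgpcertd pgprepd; do
        if [ ! -s "$stage/$f" ] || [ ! -f "$bin_dir/$f" ]; then
            echo "apply_hotfix: $f missing from archive or $bin_dir" >&2
            rm -rf "$stage"
            return 1
        fi
    done

    # Save a .old copy of BOTH daemons, then install and mark executable.
    # Any failure restores the originals so the server can be restarted.
    for f in pgpcertd pgprepd; do
        if ! { mv "$bin_dir/$f" "$bin_dir/$f.old" &&
               cp "$stage/$f" "$bin_dir/$f" &&
               chmod u+x "$bin_dir/$f"; }; then
            rollback_hotfix "$bin_dir"
            rm -rf "$stage"
            return 1
        fi
    done
    rm -rf "$stage"
}
```

Run apply_hotfix only after steps 1 and 2, and keep the .old files until
the restarted server and replication engine have been checked.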
	
_____________________________
CONTACTING NETWORK ASSOCIATES

Because this is a hotfix and not a patch, this file has been through 
limited testing.  If you experience any problems as a result of
applying this hotfix, please contact the Back Line support engineer
who provided the hotfix or call Network Associates Technical support
at 1-800-722-3709.

Credits
Thanks to USSR Labs for informing us of issue # 1.
