CERTA-2006-AVI-320

Vulnerability from certfr_avis - Published: 2006-08-02 - Updated: 2006-08-02

Les produits Symantec On-Demand Agent (SODA) et Symantec On-Demand Protection (SODP) fournissent un environnement de travail virtuel afin de sécuriser les applications orientées web. La sécurité est apportée par la possibilité de chiffrer des fichiers.

Description

Le système de chiffrement de fichiers fourni par Symantec sur les plateformes Windows est vulnérable et permet à une personne malveillante de déchiffrer, en local, les fichiers protégés. Le risque est bien entendu dépendant de la nature des données chiffrées par l'utilisateur légitime.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Symantec N/A SODP version 2.6.
Symantec N/A SODA version 2.5 MR2 et précédentes;
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SODP version 2.6.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "SODA version 2.5 MR2 et pr\u00e9c\u00e9dentes;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nLe syst\u00e8me de chiffrement de fichiers fourni par Symantec sur les\nplateformes Windows est vuln\u00e9rable et permet \u00e0 une personne malveillante\nde d\u00e9chiffrer, en local, les fichiers prot\u00e9g\u00e9s. Le risque est bien\nentendu d\u00e9pendant de la nature des donn\u00e9es chiffr\u00e9es par l\u0027utilisateur\nl\u00e9gitime.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2006-08-02T00:00:00",
  "last_revision_date": "2006-08-02T00:00:00",
  "links": [
    {
      "title": "Bulletin de Symantec :",
      "url": "http://www.symantec.com/avcenter/security/Content/2006.08.01a.html"
    }
  ],
  "reference": "CERTA-2006-AVI-320",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-08-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Les produits Symantec On-Demand Agent (SODA) et Symantec On-Demand\nProtection (SODP) fournissent un environnement de travail virtuel afin\nde s\u00e9curiser les applications orient\u00e9es web. La s\u00e9curit\u00e9 est apport\u00e9e\npar la possibilit\u00e9 de chiffrer des fichiers.\n",
  "title": "Vuln\u00e9rabilit\u00e9s Symantec",
  "vendor_advisories": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.