Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0231

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2006-0231
Last Modified 07 Mar 2011 09:29:37
Published 24 Apr 2006 09:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0231

Summary

Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses the same private DSA key for each installation, which allows remote attackers to conduct man-in-the-middle attacks and decrypt communications.

Vulnerable Systems

Application

  • Symantec Antivirus Scan Engine 5.0.0.24


References

VULNWATCH - 20060421 Rapid7 Advisory R7-0022: Symantec Scan Engine Known Immutable DSA Private Key

VUPEN - ADV-2006-1464

XF - sse-insecure-private-key(25973)

CONFIRM - http://www.symantec.com/avcenter/security/Content/2006.04.21.html

BID - 17637

BUGTRAQ - 20060421 [Symantec Security Advisor] Symantec Scan Engine Multiple Vulnerabilities

SECTRACK - 1015974

SECUNIA - 19734


Last Updated: 27 May 2016 10:41:35