Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3457

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2006-3457
Last Modified 07 Mar 2011 09:38:41
Published 04 Aug 2006 08:04:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-3457

Summary

Symantec On-Demand Agent (SODA) before 2.5 MR2 Build 2157, and the Virtual Desktop module in Symantec On-Demand Protection (SODP) before 2.6 Build 2233, do not properly encrypt files that are subject to policy-based automatic encryption, which might allow local users to read sensitive data via an unspecified decryption method.

Vulnerable Systems

Application

  • Symantec On-demand Agent 2.5 Mr2 Build 2156

  • Symantec On-demand Protection 2.6 Build 2232


References

VUPEN - ADV-2006-3097

CONFIRM - http://www.symantec.com/avcenter/security/Content/2006.08.01a.html

BUGTRAQ - 20060801 SYM06-013 Symantec On-Demand Protection Encrypted Data Exposure

XF - symantec-ondemand-weak-encryption(28181)

BID - 19248

SECTRACK - 1016619

SECUNIA - 21280


Last Updated: 27 May 2016 10:43:01