The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SafeGuard PrivateDisk

vulnerability note CVE-2018-6851 CVE-2018-6852 CVE-2018-6853

Sophos SafeGuard: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Sophos SafeGuard.
Impacted products: SafeGuard Encryption, SafeGuard PrivateDisk.
Severity: 2/4.
Consequences: administrator access/rights, data reading.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 7.
Creation date: 09/07/2018.
Identifiers: 131934, CVE-2018-6851, CVE-2018-6852, CVE-2018-6853, CVE-2018-6854, CVE-2018-6855, CVE-2018-6856, CVE-2018-6857, VIGILANCE-VUL-26654.

Description of the vulnerability

An attacker can use several vulnerabilities of Sophos SafeGuard.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin 17008

Sophos Disk Encryption: read-write access via SEC and Sleep-mode

Synthesis of the vulnerability

An attacker can bypass access restrictions of Sophos Disk Encryption via the Sleep-mode of Windows, in order to read or alter data.
Impacted products: SafeGuard Encryption, SafeGuard PrivateDisk.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: user console.
Creation date: 28/05/2015.
Identifiers: VIGILANCE-VUL-17008.

Description of the vulnerability

The Sophos Disk Encryption product can be managed from Sophos Enterprise Console.

However, when Windows exits from the Sleep mode, a password is not always requested by Sophos Disk Encryption.

An attacker can therefore bypass access restrictions of Sophos Disk Encryption via the Sleep-mode of Windows, in order to read or alter data.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note 10269

SafeGuard PrivateDisk: denials of service

Synthesis of the vulnerability

A local attacker can generate two denials of service in SafeGuard PrivateDisk.
Impacted products: SafeGuard PrivateDisk.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 12/01/2011.
Identifiers: BID-45749, VIGILANCE-VUL-10269.

Description of the vulnerability

Two denials of service were announced in SafeGuard PrivateDisk.

An attacker can use the SGPD_UNMOUNT_IOCTL ioctl in order to unmount all volumes. [severity:1/4]

An attacker can use the SGPD_WRITE_HEADER_IOCTL ioctl in order to corrupt a volume. [severity:1/4]

A local attacker can therefore generate two denials of service in SafeGuard PrivateDisk.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.