The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Sophos SafeGuard PrivateDisk

computer vulnerability bulletin 17008

Sophos Disk Encryption: read-write access via SEC and Sleep-mode

Synthesis of the vulnerability

An attacker can bypass access restrictions of Sophos Disk Encryption via the Sleep-mode of Windows, in order to read or alter data.
Impacted products: SafeGuard Encryption, SafeGuard PrivateDisk.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: user console.
Creation date: 28/05/2015.
Identifiers: VIGILANCE-VUL-17008.

Description of the vulnerability

The Sophos Disk Encryption product can be managed from Sophos Enterprise Console.

However, when Windows exits from the Sleep mode, a password is not always requested by Sophos Disk Encryption.

An attacker can therefore bypass access restrictions of Sophos Disk Encryption via the Sleep-mode of Windows, in order to read or alter data.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note 10269

SafeGuard PrivateDisk: denials of service

Synthesis of the vulnerability

A local attacker can generate two denials of service in SafeGuard PrivateDisk.
Impacted products: SafeGuard PrivateDisk.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 12/01/2011.
Identifiers: BID-45749, VIGILANCE-VUL-10269.

Description of the vulnerability

Two denials of service were announced in SafeGuard PrivateDisk.

An attacker can use the SGPD_UNMOUNT_IOCTL ioctl in order to unmount all volumes. [severity:1/4]

An attacker can use the SGPD_WRITE_HEADER_IOCTL ioctl in order to corrupt a volume. [severity:1/4]

A local attacker can therefore generate two denials of service in SafeGuard PrivateDisk.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.