| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of Symantec PGP Desktop
Symantec PGP Desktop, Encryption Desktop: file manipulation on OS X
Synthesis of the vulnerability
A local attacker can alter a file of Symantec PGP Desktop or Encryption Desktop installed on OS X, in order to create a file or to change permissions.
Impacted products: Symantec Encryption Desktop, PGP Desktop.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: user shell.
Creation date: 23/06/2014.
Identifiers: BID-68077, CVE-2014-3431, SYM14-011, VIGILANCE-VUL-14920.
Description of the vulnerability
The Symantec PGP Desktop or Symantec Encryption Desktop product can be installed on OS X.
However, some files are installed with world-writeable permissions. A local attacker can thus alter them:
- to create new files, or
- to change permissions of an existing file.
A local attacker can therefore alter a file of Symantec PGP Desktop or Encryption Desktop installed on OS X, in order to create a file or to change permissions.
Full Vigil@nce bulletin... (Free trial) |
Symantec Encryption Desktop: two vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of Symantec Encryption Desktop.
Impacted products: Symantec Encryption Desktop, PGP Desktop.
Severity: 1/4.
Consequences: denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 24/04/2014.
Identifiers: BID-67016, BID-67020, CVE-2014-1646, CVE-2014-1647, SYM14-007, VIGILANCE-VUL-14638.
Description of the vulnerability
Several vulnerabilities were announced in Symantec Encryption Desktop.
An attacker can invite the victim to open a malicious certificate file, in order to access to an invalid memory area during a memory copy, in order to trigger a denial of service. [severity:1/4; BID-67016, CVE-2014-1646]
An attacker can invite the victim to open a malicious certificate file, in order to access to an invalid memory area during a block data move, in order to trigger a denial of service. [severity:1/4; BID-67020, CVE-2014-1647]
Full Vigil@nce bulletin... (Free trial) |
Symantec PGP/Encryption Desktop: privilege escalation via RDDService
Synthesis of the vulnerability
A local attacker can store a malicious program in the PATH of RDDService of Symantec PGP/Encryption Desktop, in order to escalate his privileges.
Impacted products: Symantec Encryption Desktop, PGP Desktop.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user shell.
Creation date: 02/08/2013.
Identifiers: BID-61489, CVE-2013-1610, SYM13-010, VIGILANCE-VUL-13193.
Description of the vulnerability
The Symantec PGP Desktop and Symantec Encryption Desktop products install the RDDService service.
However, this service calls an external command without using its full access path.
A local attacker can therefore store a malicious program in the PATH of RDDService of Symantec PGP/Encryption Desktop, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial) |
Symantec PGP, Encryption Desktop: privilege elevation
Synthesis of the vulnerability
A local attacker can use two vulnerabilities of Symantec PGP/Encryption Desktop, in order to execute code with system privileges.
Impacted products: Symantec Encryption Desktop, PGP Desktop.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 15/02/2013.
Identifiers: BID-57170, BID-57835, CERTA-2013-AVI-135, CVE-2012-4351, CVE-2012-4352-ERROR, CVE-2012-6533, SYM13-001, VIGILANCE-VUL-12429.
Description of the vulnerability
The Symantec PGP/Encryption Desktop product installs the pgpwded.sys driver. However, it is impacted by two vulnerabilities.
An attacker can trigger an integer overflow. [severity:2/4; BID-57170, CVE-2012-4351]
On Windows XP/2003, an attacker can trigger a buffer overflow. [severity:2/4; BID-57835, CVE-2012-4352-ERROR, CVE-2012-6533]
A local attacker can therefore use two vulnerabilities of Symantec PGP/Encryption Desktop, in order to execute code with system privileges.
Full Vigil@nce bulletin... (Free trial) |
PGP Desktop: incorrect validation of signature
Synthesis of the vulnerability
An attacker can inject data in a valid OpenPGP message, in order to force PGP Desktop to recognize this data as signed.
Impacted products: PGP Desktop.
Severity: 3/4.
Consequences: data flow, disguisement.
Provenance: document.
Creation date: 19/11/2010.
Identifiers: BID-44920, CERTA-2010-AVI-566, CVE-2010-3618, SYM10-012, VIGILANCE-VUL-10138, VU#300785.
Description of the vulnerability
The RFC 4880 defines the format of OpenPGP messages. They are composed of data packets, which are signed and/or encrypted.
When an attacker captured an OpenPGP message between a sender and a receiver, he can:
- insert an unsigned packet (if the message contains a signed packet)
- insert an encrypted but unsigned packet (if the message contains an encrypted and signed packet)
In both cases, the PGP Desktop of the receiver displays two data packets, and indicates that they are both signed.
An attacker can therefore inject data in a valid OpenPGP message, in order to force PGP Desktop to recognize this data as signed.
Full Vigil@nce bulletin... (Free trial) |
PGP Desktop: code execution via DLL Preload
Synthesis of the vulnerability
An attacker can use a malicious tsp.dll/tvttsp.dll DLL in order to execute code in PGP Desktop.
Impacted products: PGP Desktop.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 01/10/2010.
Identifiers: BID-42856, CVE-2010-3397, VIGILANCE-VUL-9989.
Description of the vulnerability
The PGP Desktop program loads the tsp.dll/tvttsp.dll library when it starts.
However, the library is loaded insecurely. An attacker can thus use the VIGILANCE-VUL-9879 vulnerability to execute code.
An attacker can therefore use a malicious tsp.dll/tvttsp.dll DLL, in order to execute code in the context of PGP Desktop.
Full Vigil@nce bulletin... (Free trial) |
PGP Desktop: two vulnerabilities
Synthesis of the vulnerability
A local attacker can use two vulnerabilities of PGP Desktop in order to create a denial of service or to elevate his privileges.
Impacted products: PGP Desktop.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 14/04/2009.
Identifiers: BID-34490, CVE-2009-0681, Positive Technologies SA 2009-01, PT-2009-01, VIGILANCE-VUL-8625.
Description of the vulnerability
An IRP (I/O Request Packet) is used to communicate with a driver.
The PGP Desktop product installs several drivers under Windows. Two vulnerabilities impacts these drivers.
The pgpdisk.sys driver does not check addresses indicated in the IRP, which leads to a denial of service. [severity:1/4; CVE-2009-0681]
The pgpwded.sys driver does not check addresses indicated in the IRP, which leads to a denial of service or to code execution. [severity:2/4]
A local attacker can therefore use two vulnerabilities of PGP Desktop in order to create a denial of service or to elevate his privileges.
Full Vigil@nce bulletin... (Free trial) |
PGP Desktop: denial of service via PGPweded.sys
Synthesis of the vulnerability
A local attacker can use an IOCTL of the PGPweded.sys driver of PGP Desktop in order to stop the system.
Impacted products: PGP Desktop.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 30/12/2008.
Identifiers: CVE-2008-5731, VIGILANCE-VUL-8358.
Description of the vulnerability
The PGPweded.sys driver is installed by PGP Desktop.
When the IOCTL 0x80022038 of this driver is used, an unhandled exception occurs in the kernel.
A local attacker can therefore stop the kernel.
Full Vigil@nce bulletin... (Free trial) |
PGP Desktop: privilege elevation
Synthesis of the vulnerability
A local attacker can obtain System privileges via a vulnerability of PGP Desktop service.
Impacted products: PGP Desktop.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user shell.
Creation date: 26/01/2007.
Identifiers: BID-22247, CVE-2007-0603, VIGILANCE-VUL-6501, VU#102465.
Description of the vulnerability
The PGPServ.exe/PGPsdkServ.exe service is installed by PGP Desktop. This service runs with System privileges. Local clients (PGP.dll/PGPsdk.dll) communicate with this service via the "\pipe\pgpserv"/"\pipe\pgpsdkserv" named pipe.
However, messages received by this service are not checked. A local attacker can for example use a RPC structure containing a pointer to a memory area where code to be executed is located.
This vulnerability therefore permits a local attacker to execute code with System privileges.
Full Vigil@nce bulletin... (Free trial) |
PGP Desktop: partial removal of data
Synthesis of the vulnerability
The Wipe Free Space utility does not erase all hard drive data.
Impacted products: PGP Desktop.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 19/12/2005.
Identifiers: CVE-2005-4151, VIGILANCE-VUL-5436.
Description of the vulnerability
System stores files in clusters of 4096 bytes. A file of 9024 bytes (2*4096+832) uses 3 clusters, whose last is partially filled (only 832 bytes are used). Thus, 3264 bytes (4096-832) are free.
Under Windows XP and NTFS, the Wipe Free Space utility of PGP Desktop does not erase the free bytes.
The sensitive information they may contain is therefore not erased.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
|