ads

Saturday, January 5, 2013

Vuln found in Symantec



Symantec product PGP Whole Disk Encryption which is used to encrypt all the contents on the disk on a block-by-block basis having Zero-Day Vulnerability, according to a pastebin note.

Zero Day Vulnerability in Symantec PGP Whole Disk EncryptionNote was posted on 25th Dec by Nikita Tarakanov, claiming that pgpwded.sys kernel driver distributed with Symantec PGP Desktop contains an arbitrary memory overwrite vulnerability. Affected version of software is Symantec PGP Desktop 10.2.0 Build 2599 (up-to date).

Through a blog post, Symantec confirmed that its a potential issue, but it cannot easily be exploited. Vulnerability is limited to systems running Windows XP and Windows 2003 only. An attacker would need local access to a vulnerable computer to exploit this vulnerability.

Note posted by Nikita also provide technical details on the issue, that help Symantec encryption engineering team to understand the issue. "However, the exploit would be very difficult to trigger as it relies on the system entering an error condition first. Once in this error condition, the exploit could allow an attacker with lower privileges to run some arbitrary code with higher privileges." Kelvin Kwan said.

Vendor is planning a fix in an upcoming maintenance pack in February.

1 comment: