VAR-201406-0114
Vulnerability from variot - Updated: 2023-12-18 13:34Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors. Symantec Encryption Desktop is prone to an insecure file-permissions vulnerability. An attacker can exploit this issue to gain unauthorized access to or create arbitrary files with elevated privileges. PGP Desktop can create, distribute and store encryption keys. Encryption Desktop Professional encrypts stored data as well as entire hard drives or hard drive partitions. The vulnerability is caused by the program using world write permission for temporary files
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201406-0114",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pgp desktop",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "10.0.2"
},
{
"model": "encryption desktop",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "10.3.0"
},
{
"model": "encryption desktop",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "10.3.1"
},
{
"model": "pgp desktop",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "10.1.1"
},
{
"model": "pgp desktop",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "10.1.0"
},
{
"model": "pgp desktop",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "10.0.1"
},
{
"model": "pgp desktop",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "10.0.3"
},
{
"model": "encryption desktop",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "10.3.2"
},
{
"model": "pgp desktop",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "10.0.0"
},
{
"model": "pgp desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "10.2.0"
},
{
"model": "pgp desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "10.1.2"
},
{
"model": "pgp desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "10.2.2"
},
{
"model": "pgp desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "10.2.1"
},
{
"model": "pgp desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "symantec",
"version": "10.x"
},
{
"model": "encryption desktop",
"scope": "lt",
"trust": 0.8,
"vendor": "symantec",
"version": "10.3.x"
},
{
"model": "encryption desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "symantec",
"version": "professional 10.3.2 mp2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003025"
},
{
"db": "NVD",
"id": "CVE-2014-3431"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-469"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:symantec:pgp_desktop:10.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:pgp_desktop:10.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:pgp_desktop:10.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:pgp_desktop:10.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:encryption_desktop:10.3.0:*:*:*:professional:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:encryption_desktop:10.3.1:*:*:*:professional:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:pgp_desktop:10.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:pgp_desktop:10.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:pgp_desktop:10.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:pgp_desktop:10.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:encryption_desktop:10.3.2:-:*:*:professional:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:encryption_desktop:10.3.2:mp1:*:*:professional:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:pgp_desktop:10.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:pgp_desktop:10.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3431"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aaron Sigel",
"sources": [
{
"db": "BID",
"id": "68077"
}
],
"trust": 0.3
},
"cve": "CVE-2014-3431",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.1,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-3431",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.1,
"id": "VHN-71371",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-3431",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201406-469",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-71371",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71371"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003025"
},
{
"db": "NVD",
"id": "CVE-2014-3431"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-469"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors. Symantec Encryption Desktop is prone to an insecure file-permissions vulnerability. \nAn attacker can exploit this issue to gain unauthorized access to or create arbitrary files with elevated privileges. PGP Desktop can create, distribute and store encryption keys. Encryption Desktop Professional encrypts stored data as well as entire hard drives or hard drive partitions. The vulnerability is caused by the program using world write permission for temporary files",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3431"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003025"
},
{
"db": "BID",
"id": "68077"
},
{
"db": "VULHUB",
"id": "VHN-71371"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3431",
"trust": 2.8
},
{
"db": "BID",
"id": "68077",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1030454",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59421",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003025",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201406-469",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-71371",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71371"
},
{
"db": "BID",
"id": "68077"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003025"
},
{
"db": "NVD",
"id": "CVE-2014-3431"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-469"
}
]
},
"id": "VAR-201406-0114",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-71371"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:34:38.207000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SYM14-011",
"trust": 0.8,
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140620_00"
},
{
"title": "SYM14-011",
"trust": 0.8,
"url": "http://www.symantec.com/ja/jp/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140620_00"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003025"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71371"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003025"
},
{
"db": "NVD",
"id": "CVE-2014-3431"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140620_00"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/68077"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1030454"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59421"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3431"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3431"
},
{
"trust": 0.3,
"url": "https://www.f-secure.com"
},
{
"trust": 0.3,
"url": "http://www.symantec.com/encryption-desktop-pro"
},
{
"trust": 0.1,
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026amp;pvid=security_advisory\u0026amp;year=\u0026amp;suid=20140620_00"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71371"
},
{
"db": "BID",
"id": "68077"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003025"
},
{
"db": "NVD",
"id": "CVE-2014-3431"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-469"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-71371"
},
{
"db": "BID",
"id": "68077"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003025"
},
{
"db": "NVD",
"id": "CVE-2014-3431"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-469"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-21T00:00:00",
"db": "VULHUB",
"id": "VHN-71371"
},
{
"date": "2014-06-20T00:00:00",
"db": "BID",
"id": "68077"
},
{
"date": "2014-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003025"
},
{
"date": "2014-06-21T15:55:04.680000",
"db": "NVD",
"id": "CVE-2014-3431"
},
{
"date": "2014-06-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-469"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-01-07T00:00:00",
"db": "VULHUB",
"id": "VHN-71371"
},
{
"date": "2014-06-20T00:00:00",
"db": "BID",
"id": "68077"
},
{
"date": "2014-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003025"
},
{
"date": "2017-01-07T02:59:59.237000",
"db": "NVD",
"id": "CVE-2014-3431"
},
{
"date": "2014-06-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-469"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "68077"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-469"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OS X Run on Symantec PGP Desktop and Encryption Desktop Professional Vulnerabilities in which restrictions on file operations can be bypassed",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003025"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201406-469"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…