|
|
|
|
| |
Credit:
The information has been provided by Symantec Secure.
The original article can be found at: http://www.symantec.com/avcenter/security/Content/2006.08.01a.html
|
| |
Vulnerable Systems:
* SODA 2.5 MR2 and earlier (builds 2156 and lower) - Windows - build 2157 and later
* SODA 2.6 (builds 2232 and lower) - Windows - build 2233 and later
Immune Systems:
* SODA version 2.5 - Linux and Macintosh
* SODA version 2.6 - Linux and Macintosh
Symantec is aware of a method which can potentially be used to decrypt files which were encrypted by the Symantec On-Demand Virtual Desktop. An attacker who successfully used this method to decrypt files would have access to the data in the files. The level of risk associated with a successful attack is highly dependent on the content of the encrypted files.
Symantec Response:
Symantec engineers have verified that this issue exists in the versions of Symantec On-Demand listed in the table above, and have provided updates to address the issue.
The Virtual Desktop module is an optional feature of Symantec On-Demand Protection. Customers who do not use this module are not affected by this issue. However, Symantec recommends that you apply this update to ensure you are protected if you choose to use this feature in the future.
Symantec is not aware of any customers impacted by this issue, or of any attempts to exploit the issue.
As a part of normal best practices, users should keep vendor-supplied patches for all application software and operating systems up-to-date. Symantec strongly recommends any affected customers update their product immediately to protect against these types of threats.
CVE Information:
CVE-2006-3457
|
|
|
|
|
