var-201406-0114
Vulnerability from variot
Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors. Symantec Encryption Desktop is prone to an insecure file-permissions vulnerability. An attacker can exploit this issue to gain unauthorized access to or create arbitrary files with elevated privileges. PGP Desktop can create, distribute and store encryption keys. Encryption Desktop Professional encrypts stored data as well as entire hard drives or hard drive partitions. The vulnerability is caused by the program using world write permission for temporary files
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201406-0114",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "encryption desktop",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "10.3.1"
},
{
"model": "encryption desktop",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "10.3.2"
},
{
"model": "pgp desktop",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "10.0.3"
},
{
"model": "pgp desktop",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "10.0.2"
},
{
"model": "pgp desktop",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "10.0.0"
},
{
"model": "pgp desktop",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "10.1.0"
},
{
"model": "pgp desktop",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "10.0.1"
},
{
"model": "encryption desktop",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "10.3.0"
},
{
"model": "pgp desktop",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "10.1.1"
},
{
"model": "pgp desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "10.2.2"
},
{
"model": "pgp desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "10.1.2"
},
{
"model": "pgp desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "10.2.0"
},
{
"model": "pgp desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "10.2.1"
},
{
"model": "pgp desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "symantec",
"version": "10.x"
},
{
"model": "encryption desktop",
"scope": "lt",
"trust": 0.8,
"vendor": "symantec",
"version": "10.3.x"
},
{
"model": "encryption desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "symantec",
"version": "professional 10.3.2 mp2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003025"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-469"
},
{
"db": "NVD",
"id": "CVE-2014-3431"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:symantec:encryption_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:symantec:pgp_desktop",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003025"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aaron Sigel",
"sources": [
{
"db": "BID",
"id": "68077"
}
],
"trust": 0.3
},
"cve": "CVE-2014-3431",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.1,
"id": "CVE-2014-3431",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.1,
"id": "VHN-71371",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-3431",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-3431",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201406-469",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-71371",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71371"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003025"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-469"
},
{
"db": "NVD",
"id": "CVE-2014-3431"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors. Symantec Encryption Desktop is prone to an insecure file-permissions vulnerability. \nAn attacker can exploit this issue to gain unauthorized access to or create arbitrary files with elevated privileges. PGP Desktop can create, distribute and store encryption keys. Encryption Desktop Professional encrypts stored data as well as entire hard drives or hard drive partitions. The vulnerability is caused by the program using world write permission for temporary files",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3431"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003025"
},
{
"db": "BID",
"id": "68077"
},
{
"db": "VULHUB",
"id": "VHN-71371"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3431",
"trust": 2.8
},
{
"db": "BID",
"id": "68077",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1030454",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59421",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003025",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201406-469",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-71371",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71371"
},
{
"db": "BID",
"id": "68077"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003025"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-469"
},
{
"db": "NVD",
"id": "CVE-2014-3431"
}
]
},
"id": "VAR-201406-0114",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-71371"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:46:06.232000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SYM14-011",
"trust": 0.8,
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140620_00"
},
{
"title": "SYM14-011",
"trust": 0.8,
"url": "http://www.symantec.com/ja/jp/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140620_00"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003025"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71371"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003025"
},
{
"db": "NVD",
"id": "CVE-2014-3431"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140620_00"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/68077"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1030454"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59421"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3431"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3431"
},
{
"trust": 0.3,
"url": "https://www.f-secure.com"
},
{
"trust": 0.3,
"url": "http://www.symantec.com/encryption-desktop-pro"
},
{
"trust": 0.1,
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026amp;pvid=security_advisory\u0026amp;year=\u0026amp;suid=20140620_00"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71371"
},
{
"db": "BID",
"id": "68077"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003025"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-469"
},
{
"db": "NVD",
"id": "CVE-2014-3431"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-71371"
},
{
"db": "BID",
"id": "68077"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003025"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-469"
},
{
"db": "NVD",
"id": "CVE-2014-3431"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-21T00:00:00",
"db": "VULHUB",
"id": "VHN-71371"
},
{
"date": "2014-06-20T00:00:00",
"db": "BID",
"id": "68077"
},
{
"date": "2014-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003025"
},
{
"date": "2014-06-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-469"
},
{
"date": "2014-06-21T15:55:04.680000",
"db": "NVD",
"id": "CVE-2014-3431"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-01-07T00:00:00",
"db": "VULHUB",
"id": "VHN-71371"
},
{
"date": "2014-06-20T00:00:00",
"db": "BID",
"id": "68077"
},
{
"date": "2014-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003025"
},
{
"date": "2014-06-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-469"
},
{
"date": "2024-11-21T02:08:05.037000",
"db": "NVD",
"id": "CVE-2014-3431"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "68077"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-469"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OS X Run on Symantec PGP Desktop and Encryption Desktop Professional Vulnerabilities in which restrictions on file operations can be bypassed",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003025"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201406-469"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.