Vulnerability in Symantec Scan Engine Affects Secure Communications
CVE-2006-0231

Currently unrated

Key Information:

Vendor: Symantec
Status: Antivirus Scan Engine
Vendor: CVE Published:; 25 April 2006

Summary

Symantec Scan Engine, particularly versions 5.0.0.24 and earlier, is susceptible to a vulnerability where the same private DSA key is utilized for all installations. This flaw can enable remote attackers to execute man-in-the-middle attacks, potentially allowing them to intercept and decrypt sensitive communications between affected installations. Organizations utilizing this product should take immediate action to mitigate the risks associated with this vulnerability by updating their deployments to secure versions and reconfiguring their key management practices.

References

http://www.securityfocus.com/archive/1/431725/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/17637

vdb-entryx_refsource_BID

http://secunia.com/advisories/19734

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Apr 25, 2006
Vulnerability Reserved
Jan 17, 2006