Local File Permissions Vulnerability in Symantec PGP Desktop and Encryption Desktop Professional
CVE-2014-3431

Currently unrated

Key Information:

Vendor: Symantec
Status: Encryption Desktop; Pgp Desktop
Vendor: CVE Published:; 21 June 2014

Summary

A vulnerability exists in Symantec PGP Desktop versions 10.x and Encryption Desktop Professional 10.3.x prior to 10.3.2 MP2 on OS X. This issue arises from world-writable permissions set on temporary files, enabling local users to bypass intended file read, modify, create, and permission restrictions. Attackers may exploit this weakness through unspecified vectors, potentially leading to unauthorized access to sensitive information.

References

http://www.securitytracker.com/id/1030454

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/68077

vdb-entryx_refsource_BID

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

Timeline

Vulnerability published
Jun 21, 2014
Vulnerability Reserved
May 9, 2014