Initial Publication Date: Advisory Status: Advisory Severity: CVSS Base Score:Legacy ID
1 Aug 2006 Closed Medium 2.9 SYM06-013
Symantec On-Demand Agent (SODA) and Symantec On-Demand Protection (SODP) provide a Virtual Desktop environment to secure Web-based applications and services. Files created while in the virtual desktop are encrypted as they are saved to a hard drive or removable media, if that option is enabled in the policy configuration. Symantec is aware of a method which could potentially be used to defeat the encryption on these files
Versions of Symantec On-Demand earlier than SODA 2.5 or SODP 2.6 are no longer supported. Customers using an earlier version should update to a supported product version to receive this security update and other product enhancements available in current releases.
The Japanese version of Symantec On-Demand Protection is distributed through Macnica Inc. Please contact your Macnica Support representative to obtain this update.
Additional Product Information
Linux and Macintosh
Linux and Macintosh
Symantec is aware of a method which can potentially be used to decrypt files which were encrypted by the Symantec On-Demand Virtual Desktop. An attacker who successfully used this method to decrypt files would have access to the data in the files. The level of risk associated with a successful attack is highly dependent on the content of the encrypted files.
This issue is a candidate for inclusion in the Common Vulnerabilities and Exposures (CVE) list (http://cve.mitre.org), which standardizes names for security problems. The CVE initiative has assigned CVE Candidate CVE-2006-3457 to this issue
Symantec engineers have verified that this issue exists in the versions of Symantec On-Demand listed in the table above, and have provided updates to address the issue.
The Virtual Desktop module is an optional feature of Symantec On-Demand Protection. Customers who do not use this module are not affected by this issue. However, Symantec recommends that you apply this update to ensure you are protected if you choose to use this feature in the future.
Symantec is not aware of any customers impacted by this issue, or of any attempts to exploit the issue.
As a part of normal best practices, users should keep vendor-supplied patches for all application software and operating systems up-to-date. Symantec strongly recommends any affected customers update their product immediately to protect against these types of threats.
This is machine translated content
Login to Subscribe
Please login to set up your
Would you like to be subscribed to future notifications for this article?
For security reasons, your link to this document has expired. Please click on the attachment link to access this file.
The attachment that you are looking for no longer exists.
There has been an issue retrieving your attachment. Please try again.
Currently server is down.
Didn't find the article you were looking for? Try these resources.