CVE-2014-3431 - OpenCVE

Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Mac Os X
Symantec	Encryption Desktop Pgp Desktop

Configuration 1 [-]

AND

OR	cpe:2.3:a:symantec:encryption_desktop:10.3.0::::professional:::
	cpe:2.3:a:symantec:encryption_desktop:10.3.1::::professional:::
	cpe:2.3:a:symantec:encryption_desktop:10.3.2:-:::professional:::*
	cpe:2.3:a:symantec:encryption_desktop:10.3.2:mp1:::professional:::*
	cpe:2.3:a:symantec:pgp_desktop:10.0.0:::::::*
	cpe:2.3:a:symantec:pgp_desktop:10.0.1:::::::*
	cpe:2.3:a:symantec:pgp_desktop:10.0.2:::::::*
	cpe:2.3:a:symantec:pgp_desktop:10.0.3:::::::*
	cpe:2.3:a:symantec:pgp_desktop:10.1.0:::::::*
	cpe:2.3:a:symantec:pgp_desktop:10.1.1:::::::*
	cpe:2.3:a:symantec:pgp_desktop:10.1.2:::::::*
	cpe:2.3:a:symantec:pgp_desktop:10.2.0:::::::*
	cpe:2.3:a:symantec:pgp_desktop:10.2.1:::::::*
	cpe:2.3:a:symantec:pgp_desktop:10.2.2:::::::*

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

References

Link	Resource
http://secunia.com/advisories/59421
http://www.securityfocus.com/bid/68077
http://www.securitytracker.com/id/1030454
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140620_00	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: symantec

Published: 2014-06-21T15:00:00

Updated: 2017-01-05T14:57:01

Reserved: 2014-05-09T00:00:00

Link: CVE-2014-3431

JSON object: View

NVD Information

Status : Modified

Published: 2014-06-21T15:55:04.680

Modified: 2017-01-07T02:59:59.237

Link: CVE-2014-3431

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-06-20T00:00:00", "descriptions": [{"lang": "en", "value": "Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-01-05T14:57:01", "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec"}, "references": [{"name": "1030454", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1030454"}, {"name": "68077", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/68077"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140620_00"}, {"name": "59421", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59421"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@symantec.com", "ID": "CVE-2014-3431", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1030454", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030454"}, {"name": "68077", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68077"}, {"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140620_00", "refsource": "CONFIRM", "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140620_00"}, {"name": "59421", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59421"}]}}}}, "cveMetadata": {"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "assignerShortName": "symantec", "cveId": "CVE-2014-3431", "datePublished": "2014-06-21T15:00:00", "dateReserved": "2014-05-09T00:00:00", "dateUpdated": "2017-01-05T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.0:*:*:*:professional:*:*:*", "matchCriteriaId": "E73390D3-3DE8-43AB-980F-0885A6C57A08", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.1:*:*:*:professional:*:*:*", "matchCriteriaId": "C641BF3B-033C-4E89-99D1-D0279176E85B", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.2:-:*:*:professional:*:*:*", "matchCriteriaId": "D80F9A3B-E810-422C-9168-B58ADC983A9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.2:mp1:*:*:professional:*:*:*", "matchCriteriaId": "64884C14-9E0D-4C8E-802E-D373DE80A506", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1EBF6909-8372-4264-8510-53482589D3D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7A873C35-C480-4A3D-A0B2-5BDAF794B80C", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8D7928F8-9E18-495B-AF0A-FE64B3CA88A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "59BEA5BE-2595-4BE5-B0CC-405748925F9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "EFA810A7-C21B-4314-88CE-CC0018D6209F", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6D6C464E-45C2-44B7-B474-4165C7FF9FE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "38F4B912-92AA-4438-80EE-C3C46775D59C", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4E5D7E1B-44AE-4EB7-940C-7010D92A1CFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B704ED7-8438-4BCF-B062-5303C3D9CAAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "01D5E4E1-B128-4E77-A137-BA435082720C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors."}, {"lang": "es", "value": "Symantec PGP Desktop 10.x, y Encryption Desktop Professional 10.3.x anterior a 10.3.2 MP2, en OS X utiliza permisos de lectura universal para ficheros temporales, lo que permite a usuarios locales evadir restricciones sobre la lectura de ficheros, modificaci\u00f3n, creaci\u00f3n y cambios de permisos a trav\u00e9s de vectores no especificados."}], "id": "CVE-2014-3431", "lastModified": "2017-01-07T02:59:59.237", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-06-21T15:55:04.680", "references": [{"source": "secure@symantec.com", "url": "http://secunia.com/advisories/59421"}, {"source": "secure@symantec.com", "url": "http://www.securityfocus.com/bid/68077"}, {"source": "secure@symantec.com", "url": "http://www.securitytracker.com/id/1030454"}, {"source": "secure@symantec.com", "tags": ["Vendor Advisory"], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140620_00"}], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}