Vulnerabilities > CVE-2014-3436 - Cryptographic Issues vulnerability in Symantec Encryption Desktop and PGP Desktop
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP Desktop 10.0.x through 10.2.x, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted encrypted e-mail message that decompresses to a larger size.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_SYMANTEC_ENCRYPTION_DESKTOP_CVE-2014-3436.NASL description The version of Symantec Encryption Desktop installed on the remote Mac OS X host is version 10.x prior to 10.3.2 MP3. It is, therefore, affected by a denial of service vulnerability. The flaw is due to a failure to properly limit decompressed file size during the decryption process of a specially crafted encrypted email. Decryption of an excessively large compressed message could cause high memory and CPU usage resulting in a denial of service as the system becomes unresponsive during the decompression attempt. last seen 2020-06-01 modified 2020-06-02 plugin id 77407 published 2014-08-27 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77407 title Symantec Encryption Desktop 10.x < 10.3.2 MP3 DoS code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(77407); script_version("1.4"); script_cvs_date("Date: 2018/07/14 1:59:36"); script_cve_id("CVE-2014-3436"); script_bugtraq_id(69259); script_name(english:"Symantec Encryption Desktop 10.x < 10.3.2 MP3 DoS"); script_summary(english:"Checks the Symantec Encryption Desktop version."); script_set_attribute(attribute:"synopsis", value: "The remote Mac OS X host has a data encryption application installed that is affected by a denial of service vulnerability."); script_set_attribute(attribute:"description", value: "The version of Symantec Encryption Desktop installed on the remote Mac OS X host is version 10.x prior to 10.3.2 MP3. It is, therefore, affected by a denial of service vulnerability. The flaw is due to a failure to properly limit decompressed file size during the decryption process of a specially crafted encrypted email. Decryption of an excessively large compressed message could cause high memory and CPU usage resulting in a denial of service as the system becomes unresponsive during the decompression attempt."); # http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140821_00 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8e650426"); script_set_attribute(attribute:"solution", value:"Upgrade to Symantec Encryption Desktop 10.3.2 MP3 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/08/21"); script_set_attribute(attribute:"patch_publication_date", value:"2014/08/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/27"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:symantec:encryption_desktop"); script_set_attribute(attribute:"cpe", value:"cpe:/a:symantec:pgp_desktop"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_dependencies("macosx_symantec_encryption_desktop_installed.nbin"); script_require_keys("Host/MacOSX/Version","Host/local_checks_enabled","installed_sw/Symantec Encryption Desktop"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("install_func.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/MacOSX/Version")) audit(AUDIT_OS_NOT, "Mac OS X"); appname = 'Symantec Encryption Desktop'; get_install_count(app_name:appname, exit_if_zero:TRUE); install = get_single_install(app_name:appname,exit_if_unknown_ver:TRUE); version = install["version"]; path = install["path"]; port = 0; # For this version line, we NEED the build # if(version == "10.3.2") audit(AUDIT_VER_NOT_GRANULAR,appname+" / PGP Desktop",version); if ( # 10.0.0 - 10.3.1 vulnerable (ver_compare(ver:version,fix:"10.0.0",strict:FALSE) >= 0 && ver_compare(ver:version,fix:"10.3.2",strict:FALSE) < 0) || # 10.3.2 before build 15495 vulnerable (version =~ "^10\.3\.2\." && ver_compare(ver:version,fix:"10.3.2.15495",strict:TRUE) < 0) ) { report = '\n Path : ' + path + '\n Installed version : ' + version+ '\n Fixed version : 10.3.2 MP3 (Build 15495)'; } else audit(AUDIT_INST_PATH_NOT_VULN, appname+" / PGP Desktop", version, path); if (report_verbosity > 0) security_warning(port:port, extra:report); else security_warning(port);NASL family Windows NASL id SYMANTEC_ENCRYPTION_DESKTOP_CVE-2014-3436.NASL description The version of Symantec Encryption Desktop installed on the remote host is version 10.x prior to 10.3.2 MP3. It is, therefore, affected by a denial of service vulnerability. The flaw is due to a failure to properly limit decompressed file size during the decryption process of a specially crafted encrypted email. Decryption of an excessively large compressed message could cause high memory and CPU usage resulting in a denial of service as the system becomes unresponsive during the decompression attempt. last seen 2020-06-01 modified 2020-06-02 plugin id 77406 published 2014-08-27 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77406 title Symantec Encryption Desktop 10.x < 10.3.2 MP3 DoS code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(77406); script_version("1.6"); script_cvs_date("Date: 2018/08/01 17:36:15"); script_cve_id("CVE-2014-3436"); script_bugtraq_id(69259); script_name(english:"Symantec Encryption Desktop 10.x < 10.3.2 MP3 DoS"); script_summary(english:"Checks the Symantec Encryption Desktop version."); script_set_attribute(attribute:"synopsis", value: "The remote host has a data encryption application installed that is affected by a denial of service vulnerability."); script_set_attribute(attribute:"description", value: "The version of Symantec Encryption Desktop installed on the remote host is version 10.x prior to 10.3.2 MP3. It is, therefore, affected by a denial of service vulnerability. The flaw is due to a failure to properly limit decompressed file size during the decryption process of a specially crafted encrypted email. Decryption of an excessively large compressed message could cause high memory and CPU usage resulting in a denial of service as the system becomes unresponsive during the decompression attempt."); # http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140821_00 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8e650426"); script_set_attribute(attribute:"solution", value:"Upgrade to Symantec Encryption Desktop 10.3.2 MP3 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/08/21"); script_set_attribute(attribute:"patch_publication_date", value:"2014/08/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/27"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:symantec:encryption_desktop"); script_set_attribute(attribute:"cpe", value:"cpe:/a:symantec:pgp_desktop"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_dependencies("symantec_encryption_desktop_installed.nbin"); script_require_keys("SMB/Registry/Enumerated", "installed_sw/Symantec Encryption Desktop"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("install_func.inc"); get_kb_item_or_exit("SMB/Registry/Enumerated"); appname = 'Symantec Encryption Desktop'; get_install_count(app_name:appname, exit_if_zero:TRUE); install = get_single_install(app_name:appname,exit_if_unknown_ver:TRUE); version = install["version"]; path = install["path"]; port = get_kb_item("SMB/transport"); if (!port) port = 445; # For this version line, we NEED the build # if(version == "10.3.2") audit(AUDIT_VER_NOT_GRANULAR,appname+"/ PGP Desktop",version); if ( # 10.0.0 - 10.3.1 vulnerable (ver_compare(ver:version,fix:"10.0.0",strict:FALSE) >= 0 && ver_compare(ver:version,fix:"10.3.2",strict:FALSE) < 0) || # 10.3.2 before build 15495 vulnerable (version =~ "^10\.3\.2\." && ver_compare(ver:version,fix:"10.3.2.15495",strict:TRUE) < 0) ) { report = '\n Path : ' + path + '\n Installed version : ' + version+ '\n Fixed version : 10.3.2 MP3 (Build 15495)'; } else audit(AUDIT_INST_PATH_NOT_VULN, appname+"/ PGP Desktop", version, path); if (report_verbosity > 0) security_warning(port:port, extra:report); else security_warning(port);