Are Symantec Encryption products vulnerable to the BASH "ShellShock" vulnerabilities (CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169)
search cancel

Are Symantec Encryption products vulnerable to the BASH "ShellShock" vulnerabilities (CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169)

book

Article ID: 161216

calendar_today

Updated On:

Products

Desktop Email Encryption Drive Encryption PGP Command Line Encryption Management Server Endpoint Encryption Gateway Email Encryption File Share Encryption PGP Encryption Suite PGP Key Management Server PGP Key Mgmt Client Access and CLI API PGP SDK

Issue/Introduction

Are Symantec Encryption products vulnerable to the BASH "ShellShock" vulnerabilities (CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169)?

None of the Symantec Encryption products are vulnerable to the BASH "ShellShock" vulnerability. See the following table for a list of the Encryption products.

 

Symantec Endpoint Encryption
Not affected
Symantec Encryption Desktop, Symantec Drive Encryption, PGP Desktop, PGP Whole Disk Encryption, PGP Command Line
Not affected
Symantec Encryption Management Server, PGP Universal Server
Authenticated access only is permitted to the server, therefore no unauthenticated remote attempt is possible
 
BASH will be updated in an upcoming maintenance pack release for Encryption Management Server version 3.3.2

For more information about the BASH vulnerabilities, see

CVE-2014-6271: web.nvd.nist.gov/view/vuln/detail
CVE-2014-6277: web.nvd.nist.gov/view/vuln/detail
CVE-2014-6278: web.nvd.nist.gov/view/vuln/detail
CVE-2014-7169: web.nvd.nist.gov/view/vuln/detail

 

 


 

 

 

Resolution

None of the Symantec Encryption products are vulnerable to the BASH "ShellShock" vulnerabilities. 


Powered by Wolken Software