
Are Symantec Encryption products vulnerable to the BASH "ShellShock" vulnerabilities (CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169)?


Article ID: 161216


Updated On:

Products

Desktop Email Encryption, Drive Encryption, PGP Command Line, Encryption Management Server, Endpoint Encryption, Gateway Email Encryption

Issue/Introduction

Are Symantec Encryption products vulnerable to the BASH "ShellShock" vulnerabilities (CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169)?

None of the Symantec Encryption products are vulnerable to the BASH "ShellShock" vulnerabilities. The following table lists the Encryption products.

 

| Product | Status |
| --- | --- |
| Symantec Endpoint Encryption | Not affected |
| Symantec Encryption Desktop, Symantec Drive Encryption, PGP Desktop, PGP Whole Disk Encryption, PGP Command Line | Not affected |
| Symantec Encryption Management Server, PGP Universal Server | Only authenticated access to the server is permitted, so no unauthenticated remote attempt is possible |
 
BASH will be updated in an upcoming maintenance pack release for Encryption Management Server version 3.3.2.

For more information about the BASH vulnerabilities, see:

CVE-2014-6271: web.nvd.nist.gov/view/vuln/detail
CVE-2014-6277: web.nvd.nist.gov/view/vuln/detail
CVE-2014-6278: web.nvd.nist.gov/view/vuln/detail
CVE-2014-7169: web.nvd.nist.gov/view/vuln/detail


Resolution

None of the Symantec Encryption products are vulnerable to the BASH "ShellShock" vulnerabilities.