漏洞类别:Local
漏洞等级: 
漏洞信息
Symantec Endpoint Encryption (SEE), powered by PGP technology provides organizations with strong full-disk and removable media encryption and the ability to integrate with Symantec Data Loss Prevention.
A denial of service (DoS) attack is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network. (CVE-2017-15525)
Symantec Endpoint Encryption can be susceptible to a null pointer de-reference issue, which can result in a NullPointerException that can lead to a privilege escalation scenario. (CVE-2017-15526)
Affected Versions:
Symantec Endpoint Encryption prior to SEE v11.1.3MP1
QID Detection Logic (Authenticated)
This checks for vulnerable version of SEE.
漏洞危害
An attacker can exploit this issue to cause a resourced system to become unresponsive, resulting in a denial-of-service condition.
解决方案
Vendor has released fix. Customers are advised to refer to the vendor advisory SYM17-012
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论