Symantec Encryption Management Server < 3.3.2 MP7 Multiple Vulnerabilities
Medium Nessus Plugin ID 81179
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The version of Symantec Encryption Management Server listening on the remote host is prior to version 3.3.2 MP7. It is, therefore, affected by multiple vulnerabilities:
- A flaw exists in the handling of specially formatted PGP keys sent to the integrated key management server. This allows a remote attacker to inject email headers in order to manipulate fields within the key or confirmation email. (CVE-2014-7287)
- A flaw exists in '/usr/bin/pgpbackup' when handling filename values. This allows an authenticated, local attacker to execute arbitrary commands with the use of a pipe character. (CVE-2014-7288)
Solution
Upgrade to version 3.3.2 MP7 or later.