Symantec Encryption Management Server < 3.3.2 MP7 Multiple Vulnerabilities

Medium Nessus Plugin ID 81179


The remote host is affected by multiple vulnerabilities.


The version of Symantec Encryption Management Server listening on the remote host is prior to version 3.3.2 MP7. It is, therefore, affected by multiple vulnerabilities:

- A flaw exists in the handling of specially formatted PGP keys submitted to the integrated key management server. This allows a remote attacker to inject email headers in order to manipulate fields within the key or confirmation email. (CVE-2014-7287)

- A flaw exists in '/usr/bin/pgpbackup' when handling filename values. This allows an authenticated, local attacker to execute arbitrary commands through the use of a pipe character. (CVE-2014-7288)


Upgrade to version 3.3.2 MP7 or later.

Plugin Details

Severity: Medium

ID: 81179

File Name: symantec_encryption_server_SYM15-002.nasl

Version: $Revision: 1.5 $

Type: remote

Family: Misc.

Published: 2015/02/05

Modified: 2016/02/28

Dependencies: 72512

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:symantec:encryption_management_server

Required KB Items: LDAP/symantec_encryption_server/detected

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2015/01/29

Vulnerability Publication Date: 2015/01/29

Reference Information

CVE: CVE-2014-7287, CVE-2014-7288

BID: 72307, 72308

OSVDB: 117766, 117767