Motorola Good Mobile Messaging insecure file deletion

2008-05-28T00:00:00
ID VU:500963
Type cert
Reporter CERT
Modified 2008-05-29T11:37:00

Description

Overview

When formating removable storage cards, Motorola Good Mobile Messaging products may not properly delete old data.

Description

Motorola Good Mobile Messaging products can create encrypted containers on removable media storage cards. During the process of creating the container old information on storage card may not be properly deleted.


Impact

Private information may remain on the storage card. If the card is lost, stolen, or redistributed the information could be obtained by a third party.


Solution

We are currently unaware of a practical solution to this problem.


Securely wipe storage cards

Administrators should use a data deletion tool that fills storage cards with data (overwriting private information) prior to using the cards in Good Mobile products. A similar process should be used when disposing or redistributing the cards.


Vendor Information

500963

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Motorola, Inc. Affected

Notified: March 25, 2008 Updated: May 28, 2008

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

CVSS Metrics

Group | Score | Vector
---|---|---
Base | 0 | AV:--/AC:--/Au:--/C:--/I:--/A:--
Temporal | 0 | E:ND/RL:ND/RC:ND
Environmental | 0 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

  • <http://www.good.com/corp/index.php>
  • <http://www.sysresccd.org/Sysresccd-manual-en_Secure_Deletion_of_Data>
  • <http://en.wikipedia.org/wiki/Data_remanence#Specific_methods>

Acknowledgements

Thanks to Michael J. Iacovacci for reporting this vulnerability.

This document was written by Ryan Giobbi.

Other Information

CVE IDs: | None
---|---
Severity Metric: | 0.09
Date Public: | 2008-03-24
Date First Published: | 2008-05-28
Date Last Updated: | 2008-05-29 11:37 UTC
Document Revision: | 14