Sophos Safeguard Enterprise本地安全限制绕过漏洞(CVE-2012-4736)

BUGTRAQ ID: 59311 CVECAN ID: CVE-2012-4736 Sophos Safeguard Enterprise是磁盘加密解决方案。 SafeGuard Enterprise 6.0 及其他版本内的Device Encryption Client组件存在安全漏洞，该漏洞源于启用基于卷的加密策略并使用用户定义的密钥时，组件没有正确地阻止使用exFAT USB闪存盘，本地用户可利用此漏洞通过多次removal和reattach操作，绕过目标访问限制并复制敏感信息到设备。 0 Sophos Safeguard Enterprise 厂商补丁： Sophos ----...

CVE-2012-4736

The Device Encryption Client component in Sophos SafeGuard Enterprise 6.0, when a volume-based encryption policy is enabled in conjunction with a user-defined key, does not properly block use of exFAT USB flash drives, which makes it easier for local users to bypass intended access restrictions a...

Design/Logic Flaw

The Device Encryption Client component in Sophos SafeGuard Enterprise 6.0, when a volume-based encryption policy is enabled in conjunction with a user-defined key, does not properly block use of exFAT USB flash drives, which makes it easier for local users to bypass intended access restrictions a...

CVE-2012-4736

The Device Encryption Client component in Sophos SafeGuard Enterprise 6.0, when a volume-based encryption policy is enabled in conjunction with a user-defined key, does not properly block use of exFAT USB flash drives, which makes it easier for local users to bypass intended access restrictions a...