Security Bulletin 18A10338 - PRIM'X

EN
ES

Télécharger ZEDFREE Blog PRIM'X

EN
ES

Télécharger ZEDFREE Blog PRIM'X

Security Bulletin 18A10338 (CVE-2018-19279) 11/9/2018

SUMMARY

When ZoneCentral for Windows prior to version 6.1.2236 is used to encrypt local folders on a NTFS file system, some very small files (with a size below approximately 600 bytes) can briefly appear in clear text on the disk. These files are overwritten with their encrypted version after a short delay (less than 5 seconds).

On SSD disks, persistent portions in clear text may remain longer, depending on the disk firmware.

This problem does not apply to network shares or any other file systems than NTFS.

CVSS SCORE: BASE 2.1

Attack Vector (AV): Physical (P)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): None (N)
Availability (A): None (N)

DETAILS

CVEID: 2018-19279 (created on 11/09/2018)

CERT-FR: CERTFR-2018-AVI-555

AFFECTED PRODUCTS AND VERSIONS

ZoneCentral for Windows version prior to 6.1.2236

SOLUTIONS AND RECOMMENDATIONS

Upgrade to ZoneCentral for Windows version 6.1.2236 and above.

Nos certifications

Certifications Critères Communs au niveau EAL3+
Visa de Sécurité et Qualification ANSSI
Protection des informations classifiées : Diffusion Restreinte OTAN
CRYHOD et ZONECENTRAL : produits qualifiés ENS Alta
(CCN)
Agrément néerlandais :
AIVD

Nos certifications