CVE-2007-4035

Guidance Software EnCase does not properly handle (1) certain malformed MBR partition tables with many entries, which allows remote attackers to prevent logical collection of a disk image; (2) NTFS filesystems with directory loops, which allows remote attackers to prevent examination of certain directory contents; and (3) certain other malformed NTFS filesystems, which allows remote attackers to prevent examination of corrupted records. NOTE: the vendor disputes the significance of these issues, because physical collection can be used instead, because the vendor believes that relevant attackers typically do not corrupt an MBR or a filesystem, and because detection of a loop is valuable on its own
Configurations

Configuration 1 (hide)

cpe:2.3:a:guidance_software:encase:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:34

Type Values Removed Values Added
References () http://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html#Palmer - () http://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html#Palmer -
References () http://www.isecpartners.com/files/iSEC-Breaking_Forensics_Software-Paper.v1_1.BH2007.pdf - () http://www.isecpartners.com/files/iSEC-Breaking_Forensics_Software-Paper.v1_1.BH2007.pdf -
References () http://www.securityfocus.com/archive/1/474727/100/0/threaded - () http://www.securityfocus.com/archive/1/474727/100/0/threaded -
References () http://www.securityfocus.com/archive/1/474750/100/0/threaded - () http://www.securityfocus.com/archive/1/474750/100/0/threaded -
References () http://www.securityfocus.com/archive/1/474809/100/0/threaded - () http://www.securityfocus.com/archive/1/474809/100/0/threaded -
References () http://www.securityfocus.com/archive/1/475335/100/0/threaded - () http://www.securityfocus.com/archive/1/475335/100/0/threaded -
References () http://www.securityfocus.com/bid/25100 - () http://www.securityfocus.com/bid/25100 -

07 Nov 2023, 02:00

Type Values Removed Values Added
Summary ** DISPUTED ** Guidance Software EnCase does not properly handle (1) certain malformed MBR partition tables with many entries, which allows remote attackers to prevent logical collection of a disk image; (2) NTFS filesystems with directory loops, which allows remote attackers to prevent examination of certain directory contents; and (3) certain other malformed NTFS filesystems, which allows remote attackers to prevent examination of corrupted records. NOTE: the vendor disputes the significance of these issues, because physical collection can be used instead, because the vendor believes that relevant attackers typically do not corrupt an MBR or a filesystem, and because detection of a loop is valuable on its own. Guidance Software EnCase does not properly handle (1) certain malformed MBR partition tables with many entries, which allows remote attackers to prevent logical collection of a disk image; (2) NTFS filesystems with directory loops, which allows remote attackers to prevent examination of certain directory contents; and (3) certain other malformed NTFS filesystems, which allows remote attackers to prevent examination of corrupted records. NOTE: the vendor disputes the significance of these issues, because physical collection can be used instead, because the vendor believes that relevant attackers typically do not corrupt an MBR or a filesystem, and because detection of a loop is valuable on its own

Information

Published : 2007-07-27 22:30

Updated : 2024-11-21 00:34


NVD link : CVE-2007-4035

Mitre link : CVE-2007-4035

CVE.ORG link : CVE-2007-4035


JSON object : View

Products Affected

guidance_software

  • encase