CVE-2002-2067 - East-Tec Eraser 2002 does not clear Windows alternate data streams that are attached to files on NTF

CVE-2002-2067

Summary

East-Tec Eraser 2002 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.

References

Vulnerable Configurations

cpe:2.3:a:east-tec:eraser:2002:*:*:*:*:*:*:*
cpe:2.3:a:east-tec:eraser:2002:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 08-02-2024 - 20:28)
Impact:
Exploitability:

CWE

CWE-459

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	3912
bugtraq	20020120 KSSA-003 - Multiple windows file wiping utilities do not properly wipe data with NTFS
ciac	M-034
misc	http://www.east-tec.com/eraser/faq.htm http://www.seifried.org/security/advisories/kssa-003.html
xf	ntfs-ads-file-wipe(7953)

statements via4

contributor	Alexandra Preda
lastmodified	2006-12-20
organization	EAST Technologies
statement	This issue has been addressed in the latest version of our product, East-Tec Eraser 2007 and you may download it from http://www.east-tec.com

Last major update

08-02-2024 - 20:28

Published

31-12-2002 - 05:00

Last modified

08-02-2024 - 20:28