CVE-2002-2070 - SecureClean 3 build 2.0 does not clear Windows alternate data streams that are attached to files on

CVE-2002-2070

Summary

SecureClean 3 build 2.0 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.

References

http://www.securityfocus.com/archive/1/251565
http://www.seifried.org/security/advisories/kssa-003.html
http://www.ciac.org/ciac/bulletins/m-034.shtml
http://www.securityfocus.com/bid/3912
http://www.iss.net/security_center/static/7953.php

Vulnerable Configurations

cpe:2.3:a:accessdata:secureclean:3:build_2.0:*:*:*:*:*:*
cpe:2.3:a:accessdata:secureclean:3:build_2.0:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 08-02-2024 - 20:35)
Impact:
Exploitability:

CWE

CWE-459

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	3912
bugtraq	20020120 KSSA-003 - Multiple windows file wiping utilities do not properly wipe data with NTFS
ciac	M-034
misc	http://www.seifried.org/security/advisories/kssa-003.html
xf	ntfs-ads-file-wipe(7953)

Last major update

08-02-2024 - 20:35

Published

31-12-2002 - 05:00

Last modified

08-02-2024 - 20:35