5 - VU#310057

Executive Summary

Summary
Title	Guidance EnCase fails to detect more than 25 partitions

Informations
Name	VU#310057	First vendor Publication	2007-11-09
Vendor	VU-CERT	Last vendor Modification	2007-11-09
Severity (Vendor)	N/A	Revision	M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#310057

Guidance EnCase fails to detect more than 25 partitions

Overview

Guidance Software's EnCase Forensic can only detect the first 25 partitions on a volume.

I. Description

Guidance Software's EnCase Forensic is a tool that allows an investigator to acquire and analyze a disk image. EnCase names partitions either c: through z:, with an additional partition named [.

EnCase Forensic may only detect the first 25 partitions on a volume. The hidden partitions are searchable, but not can not be browsed.

Note that when previewing a drive with EnCase, mounted drives, including CD-ROM, USB keys, native hard drives, and floppy drives will count towards the 25 limit.

II. Impact

An attacker may be able to hide or obscure data.

III. Solution

Guidance Encase customers should see the Guidance support portal for information about obtaining fixed software.

Systems Affected

Vendor	Status	Date Updated
Guidance Software, Inc.	Vulnerable	9-Nov-2007

References

http://www.guidancesoftware.com/products/ef_index.aspx
http://www.isecpartners.com/files/iSEC-Breaking_Forensics_Software-Paper.v1_1.BH2007.pdf
http://www.securityfocus.com/archive/1/474727
http://www.securityfocus.com/archive/1/archive/1/474727/100/0/threaded
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4201

Credit

This report was based on information released by iSec partners.

This document was written by Ryan Giobbi.

Other Information

Date Public	08/03/2007
Date First Published	11/09/2007 09:39:14 AM
Date Last Updated	11/09/2007
CERT Advisory
CVE Name	CVE-2007-4201
Metric	0.85
Document Revision	19

Original Source

Url : http://www.kb.cert.org/vuls/id/310057

CPE : Common Platform Enumeration

Type	Description	Count
Application	Guidance Software Encase cpe:2.3:a:guidance_software:encase:6.5:::::::* cpe:2.3:a:guidance_software:encase:6.2:::::::*	2

Open Source Vulnerability Database (OSVDB)

Id	Description
44746	EnCase Volume Partition Handling Data Concealment Weakness

Global Informations

Type	Count
CPE ID(s)	2
osvdb(s)	1

	Related
5	CVE-2007-4201
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)