{"vuid":"VU#310057","idnumber":"310057","name":"Guidance EnCase fails to detect more than 25 partitions","keywords":["EnCase","DoS","denial of service","25 partitions"],"overview":"Guidance Software's EnCase Forensic can only detect the first 25 partitions on a volume.","clean_desc":"Guidance Software's EnCase Forensic is a tool that allows an investigator to acquire and analyze a disk image. EnCase names partitions either c: through z:, with an additional partition named \\[. EnCase Forensic may only detect the first 25 partitions on a volume. The hidden partitions are searchable, but not can not be browsed. Note that when previewing a drive with EnCase, mounted drives, including CD-ROM, USB keys, native hard drives, and floppy drives will count towards the 25 limit.","impact":"An attacker may be able to hide or obscure data.","resolution":"Guidance Encase customers should see the Guidance support portal for information about obtaining fixed software.","workarounds":"","sysaffected":"","thanks":"This report was based on \ninformation\n released by iSec partners.","author":"This document was written by Ryan Giobbi.","public":["http://www.guidancesoftware.com/products/ef_index.aspx","http://www.isecpartners.com/files/iSEC-Breaking_Forensics_Software-Paper.v1_1.BH2007.pdf","http://www.securityfocus.com/archive/1/474727","http://www.securityfocus.com/archive/1/archive/1/474727/100/0/threaded","http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4201"],"cveids":["CVE-2007-4201"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-08-03T13:50:45Z","publicdate":"2007-08-03T00:00:00Z","datefirstpublished":"2007-11-09T14:39:14Z","dateupdated":"2007-11-20T18:36:10Z","revision":20,"vrda_d1_directreport":"1","vrda_d1_population":"1","vrda_d1_impact":"2","cam_widelyknown":"20","cam_exploitation":"0","cam_internetinfrastructure":"1","cam_population":"2","cam_impact":"3","cam_easeofexploitation":"18","cam_attackeraccessrequired":"20","cam_scorecurrent":"0.8505","cam_scorecurrentwidelyknown":"0.8505","cam_scorecurrentwidelyknownexploited":"1.6605","ipprotocol":"","cvss_accessvector":"--","cvss_accesscomplexity":"--","cvss_authentication":null,"cvss_confidentialityimpact":"--","cvss_integrityimpact":"--","cvss_availabilityimpact":"--","cvss_exploitablity":null,"cvss_remediationlevel":"ND","cvss_reportconfidence":"ND","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"ND","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"0","cvss_basevector":"AV:--/AC:--/Au:--/C:--/I:--/A:--","cvss_temporalscore":"0","cvss_environmentalscore":"0","cvss_environmentalvector":"CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND","metric":0.8505,"vulnote":null}