search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Motorola Good Mobile Messaging insecure file deletion

Vulnerability Note VU#500963

Original Release Date: 2008-05-28 | Last Revised: 2008-05-29

Overview

When formating removable storage cards, Motorola Good Mobile Messaging products may not properly delete old data.

Description

Motorola Good Mobile Messaging products can create encrypted containers on removable media storage cards. During the process of creating the container old information on storage card may not be properly deleted.

Impact

Private information may remain on the storage card. If the card is lost, stolen, or redistributed the information could be obtained by a third party.

Solution

We are currently unaware of a practical solution to this problem.

Securely wipe storage cards

Administrators should use a data deletion tool that fills storage cards with data (overwriting private information) prior to using the cards in Good Mobile products. A similar process should be used when disposing or redistributing the cards.

Vendor Information

500963
 
Expand all

Motorola, Inc. Affected

Notified:  March 25, 2008 Updated: May 28, 2008

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


CVSS Metrics

Group Score Vector
Base 0 AV:--/AC:--/Au:--/C:--/I:--/A:--
Temporal 0 E:ND/RL:ND/RC:ND
Environmental 0 CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

Acknowledgements

Thanks to Michael J. Iacovacci for reporting this vulnerability.

This document was written by Ryan Giobbi.

Other Information

CVE IDs: None
Severity Metric: 0.09
Date Public: 2008-03-24
Date First Published: 2008-05-28
Date Last Updated: 2008-05-29 11:37 UTC
Document Revision: 14

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis