=====================================================================
                            CERT-Renater

               Information Note No. 2010/VULN011
_____________________________________________________________________

DATE                 : 08/01/2010

HARDWARE PLATFORM(S) : Cruzer® Enterprise series of USB flash drives.

OPERATING SYSTEM(S)  : Systems running Cruzer® Enterprise series of USB flash drives.

======================================================================
http://www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009
______________________________________________________________________

Overview

The Cruzer® Enterprise series of USB flash drives are equipped with a hardware-based encryption module and an access control mechanism to protect company data. SanDisk has recently identified a potential vulnerability in the access control mechanism and has provided a product update to address the issue.

Important Note: This issue is only applicable to the application running on the host and does not apply to the device hardware or firmware. As a result, all Cruzer Enterprise USB flash drives being shipped to customers as of today contain the product update.

SanDisk has also taken measures to inform customers and channel partners about the issue and has provided a software product update online to secure existing Cruzer Enterprise USB flash drive devices.

Devices to which this change applies

* Cruzer® Enterprise USB flash drive, CZ22 - 1GB, 2GB, 4GB, 8GB
* Cruzer® Enterprise FIPS Edition USB flash drive, CZ32 - 1GB, 2GB, 4GB, 8GB
* Cruzer® Enterprise with McAfee USB flash drive, CZ38 - 1GB, 2GB, 4GB, 8GB
* Cruzer® Enterprise FIPS Edition with McAfee USB flash drive, CZ46 - 1GB, 2GB, 4GB, 8GB

Recommendations

To implement this change, SanDisk recommends that users install an update file, following this procedure:

* Fill in the online form here. This will direct you to a downloading site.
* Download the 'updater selector' application and the Quick Reference Guide with installation instructions.

Summary

Preserving customer security and product reliability continues to be a top priority at SanDisk. SanDisk will continue to work diligently with customers as well as third-party security researchers to maintain high levels of security.

======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 151 bd de l'Hopital | fax : 01-53-94-20-41            +
+ 75013 Paris         | email: certsvp@renater.fr       +
=========================================================