 |
|
|
|
| Symantec Norton Ghost multiple security vulnerabilities | | Published: |  | 28.04.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7645 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | Service Manager buffer oveflow, weak encryption. |
| CVE: |  | CVE-2007-2361 (Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore points images are configured, uses weak permissions (world readable) for a configuration file with network share credentials, which allows local users to obtain the credentials by reading the file.) | | | | CVE-2007-2360 (Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share credentials with a key formed by a hash of the username, which allows local users to obtain the credentials by calculating the key.) | | | | CVE-2007-2359 (Buffer overflow in Ghost Service Manager, as used in Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, allows local users to gain privileges via a long string.) |
|
|
|
|
|
|
|
|
