ID |
CVE-2007-2360
|
Summary |
Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share credentials with a key formed by a hash of the username, which allows local users to obtain the credentials by calculating the key. "In order for this exploit to have an impact, administrators would either have to configure client machines to save restore points images to a private share, or the vulnerable machine would have to be shared by several users who each saved their restore points images to private shares." |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:symantec:backupexec_system_recovery:6.5:*:*:*:*:*:*:*
cpe:2.3:a:symantec:backupexec_system_recovery:6.5:*:*:*:*:*:*:*
-
cpe:2.3:a:symantec:backupexec_system_recovery:6.52:*:*:*:*:*:*:*
cpe:2.3:a:symantec:backupexec_system_recovery:6.52:*:*:*:*:*:*:*
-
cpe:2.3:a:symantec:backupexec_system_recovery:6.52a:*:*:*:*:*:*:*
cpe:2.3:a:symantec:backupexec_system_recovery:6.52a:*:*:*:*:*:*:*
-
cpe:2.3:a:symantec:backupexec_system_recovery:6.53:*:*:*:*:*:*:*
cpe:2.3:a:symantec:backupexec_system_recovery:6.53:*:*:*:*:*:*:*
-
cpe:2.3:a:symantec:livestate_recovery:6.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:livestate_recovery:6.0:*:*:*:*:*:*:*
-
cpe:2.3:a:symantec:livestate_recovery:6.01:*:*:*:*:*:*:*
cpe:2.3:a:symantec:livestate_recovery:6.01:*:*:*:*:*:*:*
-
cpe:2.3:a:symantec:livestate_recovery:6.02:*:*:*:*:*:*:*
cpe:2.3:a:symantec:livestate_recovery:6.02:*:*:*:*:*:*:*
-
cpe:2.3:a:symantec:norton_ghost:10.0:*:dell:*:*:*:*:*
cpe:2.3:a:symantec:norton_ghost:10.0:*:dell:*:*:*:*:*
-
cpe:2.3:a:symantec:norton_ghost:10.0:*:norton_system_works:*:*:*:*:*
cpe:2.3:a:symantec:norton_ghost:10.0:*:norton_system_works:*:*:*:*:*
-
cpe:2.3:a:symantec:norton_ghost:10.01:*:*:*:*:*:*:*
cpe:2.3:a:symantec:norton_ghost:10.01:*:*:*:*:*:*:*
-
cpe:2.3:a:symantec:norton_save_and_recovery:1.01:*:sony_euro:*:*:*:*:*
cpe:2.3:a:symantec:norton_save_and_recovery:1.01:*:sony_euro:*:*:*:*:*
-
cpe:2.3:a:symantec:norton_save_and_recovery:1.01b:*:norton_system_works_2007:*:*:*:*:*
cpe:2.3:a:symantec:norton_save_and_recovery:1.01b:*:norton_system_works_2007:*:*:*:*:*
-
cpe:2.3:a:symantec:norton_save_and_recovery:11.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:norton_save_and_recovery:11.0:*:*:*:*:*:*:*
-
cpe:2.3:a:symantec:norton_save_and_recovery:11.01:*:*:*:*:*:*:*
cpe:2.3:a:symantec:norton_save_and_recovery:11.01:*:*:*:*:*:*:*
-
cpe:2.3:a:symantec:norton_save_and_recovery:11.01b:*:*:*:*:*:*:*
cpe:2.3:a:symantec:norton_save_and_recovery:11.01b:*:*:*:*:*:*:*
|
CVSS |
Base: | 6.8 (as of 08-03-2011 - 02:54) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
LOCAL |
LOW |
SINGLE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE |
COMPLETE |
COMPLETE |
|
cvss-vector
via4
|
AV:L/AC:L/Au:S/C:C/I:C/A:C
|
refmap
via4
|
|
Last major update |
08-03-2011 - 02:54 |
Published |
30-04-2007 - 22:19 |
Last modified |
08-03-2011 - 02:54 |