ID CVE-2007-2361
Summary Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore points images are configured, uses weak permissions (world readable) for a configuration file with network share credentials, which allows local users to obtain the credentials by reading the file.
References
Vulnerable Configurations
  • cpe:2.3:a:symantec:backupexec_system_recovery:6.5
    cpe:2.3:a:symantec:backupexec_system_recovery:6.5
  • cpe:2.3:a:symantec:backupexec_system_recovery:6.52
    cpe:2.3:a:symantec:backupexec_system_recovery:6.52
  • cpe:2.3:a:symantec:backupexec_system_recovery:6.52a
    cpe:2.3:a:symantec:backupexec_system_recovery:6.52a
  • cpe:2.3:a:symantec:backupexec_system_recovery:6.53
    cpe:2.3:a:symantec:backupexec_system_recovery:6.53
  • Symantec LiveState Recovery 6.0
    cpe:2.3:a:symantec:livestate_recovery:6.0
  • Symantec LiveState Recovery 6.01
    cpe:2.3:a:symantec:livestate_recovery:6.01
  • Symantec LiveState Recovery 6.02
    cpe:2.3:a:symantec:livestate_recovery:6.02
  • cpe:2.3:a:symantec:norton_ghost:10.0
    cpe:2.3:a:symantec:norton_ghost:10.0
  • cpe:2.3:a:symantec:norton_ghost:10.0:-:dell
    cpe:2.3:a:symantec:norton_ghost:10.0:-:dell
  • cpe:2.3:a:symantec:norton_ghost:10.0:-:norton_system_works
    cpe:2.3:a:symantec:norton_ghost:10.0:-:norton_system_works
  • cpe:2.3:a:symantec:norton_ghost:10.01
    cpe:2.3:a:symantec:norton_ghost:10.01
  • cpe:2.3:a:symantec:norton_save_and_recovery:1.01:-:sony_euro
    cpe:2.3:a:symantec:norton_save_and_recovery:1.01:-:sony_euro
  • cpe:2.3:a:symantec:norton_save_and_recovery:1.01b:-:norton_system_works_2007
    cpe:2.3:a:symantec:norton_save_and_recovery:1.01b:-:norton_system_works_2007
  • cpe:2.3:a:symantec:norton_save_and_recovery:11.0
    cpe:2.3:a:symantec:norton_save_and_recovery:11.0
  • cpe:2.3:a:symantec:norton_save_and_recovery:11.01
    cpe:2.3:a:symantec:norton_save_and_recovery:11.01
  • cpe:2.3:a:symantec:norton_save_and_recovery:11.01b
    cpe:2.3:a:symantec:norton_save_and_recovery:11.01b
CVSS
Base: 4.9 (as of 01-05-2007 - 13:13)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE NONE NONE
refmap via4
confirm http://www.symantec.com/avcenter/security/Content/2007.04.26.html
idefense 20070426 Symantec Norton Ghost 10 Recovery Points Insecure Password Storage Vulnerability
sectrack 1017971
secunia 25013
vupen ADV-2007-1552
xf symantec-backup-information-disclosure(33929)
Last major update 07-03-2011 - 21:54
Published 30-04-2007 - 18:19
Last modified 28-07-2017 - 21:31
Back to Top