ID CVE-2007-2361
Summary Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore points images are configured, uses weak permissions (world readable) for a configuration file with network share credentials, which allows local users to obtain the credentials by reading the file.
References
Vulnerable Configurations
  • cpe:2.3:a:symantec:backupexec_system_recovery:6.5:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:backupexec_system_recovery:6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:backupexec_system_recovery:6.52:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:backupexec_system_recovery:6.52:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:backupexec_system_recovery:6.52a:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:backupexec_system_recovery:6.52a:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:backupexec_system_recovery:6.53:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:backupexec_system_recovery:6.53:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:livestate_recovery:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:livestate_recovery:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:livestate_recovery:6.01:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:livestate_recovery:6.01:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:livestate_recovery:6.02:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:livestate_recovery:6.02:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_ghost:10.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:norton_ghost:10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_ghost:10.0:*:dell:*:*:*:*:*
    cpe:2.3:a:symantec:norton_ghost:10.0:*:dell:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_ghost:10.0:*:norton_system_works:*:*:*:*:*
    cpe:2.3:a:symantec:norton_ghost:10.0:*:norton_system_works:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_ghost:10.01:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:norton_ghost:10.01:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_save_and_recovery:1.01:*:sony_euro:*:*:*:*:*
    cpe:2.3:a:symantec:norton_save_and_recovery:1.01:*:sony_euro:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_save_and_recovery:1.01b:*:norton_system_works_2007:*:*:*:*:*
    cpe:2.3:a:symantec:norton_save_and_recovery:1.01b:*:norton_system_works_2007:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_save_and_recovery:11.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:norton_save_and_recovery:11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_save_and_recovery:11.01:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:norton_save_and_recovery:11.01:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_save_and_recovery:11.01b:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:norton_save_and_recovery:11.01b:*:*:*:*:*:*:*
CVSS
Base: 4.9 (as of 29-07-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE NONE NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:N/A:N
refmap via4
confirm http://www.symantec.com/avcenter/security/Content/2007.04.26.html
idefense 20070426 Symantec Norton Ghost 10 Recovery Points Insecure Password Storage Vulnerability
sectrack 1017971
secunia 25013
vupen ADV-2007-1552
xf symantec-backup-information-disclosure(33929)
Last major update 29-07-2017 - 01:31
Published 30-04-2007 - 22:19
Back to Top