Информационная безопасность
[RU] switch to English


Многочисленные уязвимостей в Symantec Norton Ghost (multiple bugs)
Опубликовано:28 апреля 2007 г.
Источник:
SecurityVulns ID:7645
Тип:локальная
Уровень опасности:
5/10
Описание:Переполнение буфера в Service Manager, слабое шифрование.
CVE:CVE-2007-2361 (Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore points images are configured, uses weak permissions (world readable) for a configuration file with network share credentials, which allows local users to obtain the credentials by reading the file.)
 CVE-2007-2360 (Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share credentials with a key formed by a hash of the username, which allows local users to obtain the credentials by calculating the key.)
 CVE-2007-2359 (Buffer overflow in Ghost Service Manager, as used in Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, allows local users to gain privileges via a long string.)
Оригинальный текстdocumentIDEFENSE, iDefense Security Advisory 04.26.07: Symantec Norton Ghost 10 Recovery Points Insecure Password Storage Vulnerability (28.04.2007)
 documentIDEFENSE, iDefense Security Advisory 04.26.07: Symantec Norton Ghost 10 Service Manager Buffer Overflow Vulnerability (28.04.2007)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород