{"api_version":"1","generated_at":"2026-04-23T17:14:49+00:00","cve":"CVE-2006-1285","urls":{"html":"https://cve.report/CVE-2006-1285","api":"https://cve.report/api/cve/CVE-2006-1285.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-1285","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-1285"},"summary":{"title":"CVE-2006-1285","description":"SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, gives read and write permissions to all users for database shared memory sections, which allows local users to access and possibly modify certain information.","state":"PUBLISHED","assigner":"mitre","published_at":"2006-03-19 23:02:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"3.2","severity":"","vector":"AV:L/AC:L/Au:S/C:P/I:P/A:N","data":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:P/I:P/A:N","baseScore":3.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://securitytracker.com/id?1015733","name":"http://securitytracker.com/id?1015733","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityTracker.com Archives - Symantec Ghost Underlying Database Bugs May Let Local Users Access the Database","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/19171","name":"http://secunia.com/advisories/19171","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Symantec Ghost Multiple Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/17019","name":"http://www.securityfocus.com/bid/17019","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Symantec Ghost SQLAnywhere Local Information Disclosure and Data Corruption Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.vupen.com/english/advisories/2006/0870","name":"http://www.vupen.com/english/advisories/2006/0870","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html","name":"http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Symantec Ghost: Local access vulnerabilities in Database","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-1285","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-1285","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"1285","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"ghost_solutions_suite","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"1285","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"norton_ghost","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"1285","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"norton_ghost","cpe6":"8.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2006","cve_id":"1285","cve":"CVE-2006-1285","epss":"0.001620000","percentile":"0.371320000","score_date":"2026-04-17","updated_at":"2026-04-18 00:07:15"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T17:03:28.893Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"1015733","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1015733"},{"name":"19171","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/19171"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html"},{"name":"17019","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/17019"},{"name":"ADV-2006-0870","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2006/0870"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2006-03-07T00:00:00.000Z","descriptions":[{"lang":"en","value":"SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, gives read and write permissions to all users for database shared memory sections, which allows local users to access and possibly modify certain information."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2006-03-25T10:00:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"1015733","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1015733"},{"name":"19171","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/19171"},{"tags":["x_refsource_CONFIRM"],"url":"http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html"},{"name":"17019","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/17019"},{"name":"ADV-2006-0870","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2006/0870"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-1285","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, gives read and write permissions to all users for database shared memory sections, which allows local users to access and possibly modify certain information."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"1015733","refsource":"SECTRACK","url":"http://securitytracker.com/id?1015733"},{"name":"19171","refsource":"SECUNIA","url":"http://secunia.com/advisories/19171"},{"name":"http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html","refsource":"CONFIRM","url":"http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html"},{"name":"17019","refsource":"BID","url":"http://www.securityfocus.com/bid/17019"},{"name":"ADV-2006-0870","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/0870"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2006-1285","datePublished":"2006-03-19T23:00:00.000Z","dateReserved":"2006-03-19T00:00:00.000Z","dateUpdated":"2024-08-07T17:03:28.893Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2006-03-19 23:02:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:P/I:P/A:N","baseScore":3.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.1,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:symantec:ghost_solutions_suite:1.0:*:*:*:*:*:*:*","matchCriteriaId":"5CC78C2D-E376-40C9-A413-E7F1740F8CF1"},{"vulnerable":true,"criteria":"cpe:2.3:a:symantec:norton_ghost:8.0:*:*:*:*:*:*:*","matchCriteriaId":"7C4506E0-F4FE-43F0-886A-2F18C39934DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:symantec:norton_ghost:8.2:*:*:*:*:*:*:*","matchCriteriaId":"48B6AF37-11B3-4F38-B6E9-04FC32A28630"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"1285","Ordinal":"1","Title":"CVE-2006-1285","CVE":"CVE-2006-1285","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"1285","Ordinal":"1","NoteData":"SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, gives read and write permissions to all users for database shared memory sections, which allows local users to access and possibly modify certain information.","Type":"Description","Title":"CVE-2006-1285"},{"CveYear":"2006","CveId":"1285","Ordinal":"2","NoteData":"2006-03-19","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"1285","Ordinal":"3","NoteData":"2006-03-25","Type":"Other","Title":"Modified"}]}}}