Symantec Ghost SQLAnywhere Local Administrative Authentication Credentials Disclosure Vulnerability
BID:17018
Info
Symantec Ghost SQLAnywhere Local Administrative Authentication Credentials Disclosure Vulnerability
| Bugtraq ID: | 17018 |
| Class: | Design Error |
| CVE: |
CVE-2006-1284 |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 07 2006 12:00AM |
| Updated: | Feb 20 2007 04:06PM |
| Credit: | Discovery is credited to Ollie Whitehouse, Symantec. |
| Vulnerable: |
Symantec Ghost 8.2 Symantec Ghost 8.0 |
| Not Vulnerable: |
Symantec Ghost 8.3 |
Discussion
Symantec Ghost SQLAnywhere Local Administrative Authentication Credentials Disclosure Vulnerability
Symantec Ghost is prone to a vulnerability that may allow a local attacker to gain elevated privileges.
The vulnerability presents itself in the Symantec SQLAnywhere database installed with Symantec Ghost and the Central Management Console in Symantec Ghost Solutions Suite (SGSS).
A successful attack can allow an attacker to obtain the authentication credentials and carry out various attacks such as modifying and deleting administrative tasks against a vulnerable computer. This issue can also allow attackers to execute arbitrary to gain elevated privileges on an affected computer.
All builds of Symantec Ghost 8.0 (EOL / EOS 11/15/2005) and Ghost 8.2 (shipped as a part of SGSS 1.0) are vulnerable to this issue.
Symantec Ghost is prone to a vulnerability that may allow a local attacker to gain elevated privileges.
The vulnerability presents itself in the Symantec SQLAnywhere database installed with Symantec Ghost and the Central Management Console in Symantec Ghost Solutions Suite (SGSS).
A successful attack can allow an attacker to obtain the authentication credentials and carry out various attacks such as modifying and deleting administrative tasks against a vulnerable computer. This issue can also allow attackers to execute arbitrary to gain elevated privileges on an affected computer.
All builds of Symantec Ghost 8.0 (EOL / EOS 11/15/2005) and Ghost 8.2 (shipped as a part of SGSS 1.0) are vulnerable to this issue.
Exploit / POC
Symantec Ghost SQLAnywhere Local Administrative Authentication Credentials Disclosure Vulnerability
An exploit is not required.
An exploit is not required.
Solution / Fix
Symantec Ghost SQLAnywhere Local Administrative Authentication Credentials Disclosure Vulnerability
Solution:
Symantec has released an advisory (SYM06-003) including fixes to address this issue. Symantec Ghost 8.3 shipped as a part of Symantec Ghost Solutions Suite 1.1 is not vulnerable to this issue.
Solution:
Symantec has released an advisory (SYM06-003) including fixes to address this issue. Symantec Ghost 8.3 shipped as a part of Symantec Ghost Solutions Suite 1.1 is not vulnerable to this issue.
References
Symantec Ghost SQLAnywhere Local Administrative Authentication Credentials Disclosure Vulnerability
References:
References: