Symantec Ghost SQLAnywhere Local Information Disclosure and Data Corruption Vulnerability
BID:17019
Info
Symantec Ghost SQLAnywhere Local Information Disclosure and Data Corruption Vulnerability
| Bugtraq ID: | 17019 |
| Class: | Access Validation Error |
| CVE: |
CVE-2006-1285 |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 07 2006 12:00AM |
| Updated: | Feb 20 2007 04:06PM |
| Credit: | Discovery is credited to Ollie Whitehouse, Symantec. |
| Vulnerable: |
Symantec Ghost 8.2 Symantec Ghost 8.0 |
| Not Vulnerable: |
Symantec Ghost 8.3 |
Discussion
Symantec Ghost SQLAnywhere Local Information Disclosure and Data Corruption Vulnerability
Symantec Ghost is prone to a vulnerability that may allow a local unauthorized attacker to access or modify stored data.
This issue results from incorrect memory-mapping permissions associated with shared memory in SQLAnywhere.
Exploitation of this issue may lead to other attacks against a computer as well.
Symantec Ghost is prone to a vulnerability that may allow a local unauthorized attacker to access or modify stored data.
This issue results from incorrect memory-mapping permissions associated with shared memory in SQLAnywhere.
Exploitation of this issue may lead to other attacks against a computer as well.
Exploit / POC
Symantec Ghost SQLAnywhere Local Information Disclosure and Data Corruption Vulnerability
An exploit is not required.
An exploit is not required.
Solution / Fix
Symantec Ghost SQLAnywhere Local Information Disclosure and Data Corruption Vulnerability
Solution:
Symantec has released an advisory (SYM06-003) including fixes to address this issue. Symantec Ghost 8.3 shipped as a part of Symantec Ghost Solutions Suite 1.1 is not vulnerable to this issue.
Solution:
Symantec has released an advisory (SYM06-003) including fixes to address this issue. Symantec Ghost 8.3 shipped as a part of Symantec Ghost Solutions Suite 1.1 is not vulnerable to this issue.
References
Symantec Ghost SQLAnywhere Local Information Disclosure and Data Corruption Vulnerability
References:
References: