Symantec Multiple Products Local Buffer Overflow and Information Disclosure Vulnerabilities
BID:23654
Info
Symantec Multiple Products Local Buffer Overflow and Information Disclosure Vulnerabilities
| Bugtraq ID: | 23654 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 26 2007 12:00AM |
| Updated: | Apr 30 2007 06:50PM |
| Credit: | Pravus is credited with discovering these issues. |
| Vulnerable: |
Symantec Norton Save & Recovery Sony Euro 1.01 Symantec Norton Save & Recovery for Norton SystemWorks 2007 1.01B Symantec Norton Save & Recovery 11.01B Symantec Norton Save & Recovery 11.01 Symantec Norton Save & Recovery 11.0 Symantec Norton Ghost for Norton SystemWorks 10.0 Symantec Norton Ghost for Dell 10.0 Symantec Norton Ghost 10.1 Symantec Norton Ghost 10.0 Symantec LiveState Recovery 6.02 Symantec LiveState Recovery 6.01 Symantec LiveState Recovery 6.0 Symantec BackupExec System Recovery 6.53 Symantec BackupExec System Recovery 6.52A Symantec BackupExec System Recovery 6.52 Symantec BackupExec System Recovery 6.5 |
| Not Vulnerable: | |
Discussion
Symantec Multiple Products Local Buffer Overflow and Information Disclosure Vulnerabilities
Multiple Symantec products are prone to a buffer-overflow and an information-disclosure vulnerability.
Attackers may exploit these issues to execute arbitrary code on a vulnerable computer with SYSTEM-level privilleges or to gain access to sensitive information.
These vulnerabilities affect Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recover.
Multiple Symantec products are prone to a buffer-overflow and an information-disclosure vulnerability.
Attackers may exploit these issues to execute arbitrary code on a vulnerable computer with SYSTEM-level privilleges or to gain access to sensitive information.
These vulnerabilities affect Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recover.
Exploit / POC
Symantec Multiple Products Local Buffer Overflow and Information Disclosure Vulnerabilities
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Symantec Multiple Products Local Buffer Overflow and Information Disclosure Vulnerabilities
Solution:
Symantec has released an advisory and updates to address these issues. Product updates are available through LiveUpdate. Please see the references for more information.
Solution:
Symantec has released an advisory and updates to address these issues. Product updates are available through LiveUpdate. Please see the references for more information.
References
Symantec Multiple Products Local Buffer Overflow and Information Disclosure Vulnerabilities
References:
References:
- SYM07-004: Multiple Norton Ghost, Norton Save & Recovery, LiveState Recovery, an (Symantec)
- Symantec Homepage (Symantec)
- iDefense Security Advisory 04.26.07: Symantec Norton Ghost 10 Recovery Points In (iDefense)
- iDefense Security Advisory 04.26.07: Symantec Norton Ghost 10 Service Manager Bu (iDefense)
- Symantec Norton Ghost 10 Recovery Points Insecure Password Storage Vulnerability (iDefense)
- Symantec Norton Ghost 10 Service Manager Buffer Overflow Vulnerability (iDefense)