All the vulnerabilites related to symantec - ghost_solutions_suite
cve-2006-1284
Vulnerability from cvelistv5
Published
2006-03-19 23:00
Modified
2024-08-07 17:03
Severity ?
EPSS score ?
Summary
The installation of SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, includes a default administrator login account and password, which allows local users to gain privileges or modify tasks.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1015733 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/19171 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/17018 | vdb-entry, x_refsource_BID | |
| http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2006/0870 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:28.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1015733",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015733"
},
{
"name": "19171",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19171"
},
{
"name": "17018",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17018"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html"
},
{
"name": "ADV-2006-0870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0870"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The installation of SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, includes a default administrator login account and password, which allows local users to gain privileges or modify tasks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-03-25T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1015733",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015733"
},
{
"name": "19171",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19171"
},
{
"name": "17018",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17018"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html"
},
{
"name": "ADV-2006-0870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0870"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installation of SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, includes a default administrator login account and password, which allows local users to gain privileges or modify tasks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015733",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015733"
},
{
"name": "19171",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19171"
},
{
"name": "17018",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17018"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html"
},
{
"name": "ADV-2006-0870",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0870"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1284",
"datePublished": "2006-03-19T23:00:00",
"dateReserved": "2006-03-19T00:00:00",
"dateUpdated": "2024-08-07T17:03:28.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-3132
Vulnerability from cvelistv5
Published
2007-06-08 16:00
Modified
2024-08-07 14:05
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in Symantec Ghost Solution Suite 2.0.0 and earlier, with Ghost 8.0.992 and possibly other versions, allow remote attackers to cause a denial of service (client or server crash) via malformed requests to the daemon port, 1346/udp or 1347/udp.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34745 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/24323 | vdb-entry, x_refsource_BID | |
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=540 | third-party-advisory, x_refsource_IDEFENSE | |
| http://www.securityfocus.com/archive/1/470644/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securitytracker.com/id?1018200 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2007/2075 | vdb-entry, x_refsource_VUPEN | |
| http://securityreason.com/securityalert/2805 | third-party-advisory, x_refsource_SREASON | |
| http://secunia.com/advisories/25539 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/36106 | vdb-entry, x_refsource_OSVDB | |
| http://www.symantec.com/avcenter/security/Content/2007.06.05b.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:28.158Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "symantec-ghost-udp-dos(34745)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34745"
},
{
"name": "24323",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24323"
},
{
"name": "20070605 Symantec Ghost Multiple Denial of Service Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=540"
},
{
"name": "20070606 iDefense Security Advisory 06.05.07: Symantec Ghost Multiple Denial of Service Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/470644/100/0/threaded"
},
{
"name": "1018200",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018200"
},
{
"name": "ADV-2007-2075",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2075"
},
{
"name": "2805",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2805"
},
{
"name": "25539",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25539"
},
{
"name": "36106",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36106"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.06.05b.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Symantec Ghost Solution Suite 2.0.0 and earlier, with Ghost 8.0.992 and possibly other versions, allow remote attackers to cause a denial of service (client or server crash) via malformed requests to the daemon port, 1346/udp or 1347/udp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "symantec-ghost-udp-dos(34745)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34745"
},
{
"name": "24323",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24323"
},
{
"name": "20070605 Symantec Ghost Multiple Denial of Service Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=540"
},
{
"name": "20070606 iDefense Security Advisory 06.05.07: Symantec Ghost Multiple Denial of Service Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/470644/100/0/threaded"
},
{
"name": "1018200",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018200"
},
{
"name": "ADV-2007-2075",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2075"
},
{
"name": "2805",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2805"
},
{
"name": "25539",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25539"
},
{
"name": "36106",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36106"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.06.05b.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in Symantec Ghost Solution Suite 2.0.0 and earlier, with Ghost 8.0.992 and possibly other versions, allow remote attackers to cause a denial of service (client or server crash) via malformed requests to the daemon port, 1346/udp or 1347/udp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "symantec-ghost-udp-dos(34745)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34745"
},
{
"name": "24323",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24323"
},
{
"name": "20070605 Symantec Ghost Multiple Denial of Service Vulnerabilities",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=540"
},
{
"name": "20070606 iDefense Security Advisory 06.05.07: Symantec Ghost Multiple Denial of Service Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470644/100/0/threaded"
},
{
"name": "1018200",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018200"
},
{
"name": "ADV-2007-2075",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2075"
},
{
"name": "2805",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2805"
},
{
"name": "25539",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25539"
},
{
"name": "36106",
"refsource": "OSVDB",
"url": "http://osvdb.org/36106"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2007.06.05b.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2007.06.05b.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3132",
"datePublished": "2007-06-08T16:00:00",
"dateReserved": "2007-06-08T00:00:00",
"dateUpdated": "2024-08-07T14:05:28.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5689
Vulnerability from cvelistv5
Published
2015-09-20 20:00
Modified
2024-08-06 06:59
Severity ?
EPSS score ?
Summary
ghostexp.exe in Ghost Explorer Utility in Symantec Ghost Solutions Suite (GSS) before 3.0 HF2 12.0.0.8010 and Symantec Deployment Solution (DS) before 7.6 HF4 12.0.0.7045 performs improper sign-extend operations before array-element accesses, which allows remote attackers to execute arbitrary code, cause a denial of service (application crash), or possibly obtain sensitive information via a crafted Ghost image.
References
| ▼ | URL | Tags |
|---|---|---|
| http://zerodayinitiative.com/advisories/ZDI-15-419/ | x_refsource_MISC | |
| http://www.securitytracker.com/id/1033577 | vdb-entry, x_refsource_SECTRACK | |
| http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150902_00 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/76498 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:59:04.330Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-15-419/"
},
{
"name": "1033577",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033577"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150902_00"
},
{
"name": "76498",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76498"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ghostexp.exe in Ghost Explorer Utility in Symantec Ghost Solutions Suite (GSS) before 3.0 HF2 12.0.0.8010 and Symantec Deployment Solution (DS) before 7.6 HF4 12.0.0.7045 performs improper sign-extend operations before array-element accesses, which allows remote attackers to execute arbitrary code, cause a denial of service (application crash), or possibly obtain sensitive information via a crafted Ghost image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-20T16:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-15-419/"
},
{
"name": "1033577",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033577"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150902_00"
},
{
"name": "76498",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76498"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2015-5689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ghostexp.exe in Ghost Explorer Utility in Symantec Ghost Solutions Suite (GSS) before 3.0 HF2 12.0.0.8010 and Symantec Deployment Solution (DS) before 7.6 HF4 12.0.0.7045 performs improper sign-extend operations before array-element accesses, which allows remote attackers to execute arbitrary code, cause a denial of service (application crash), or possibly obtain sensitive information via a crafted Ghost image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://zerodayinitiative.com/advisories/ZDI-15-419/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-15-419/"
},
{
"name": "1033577",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033577"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150902_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150902_00"
},
{
"name": "76498",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76498"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2015-5689",
"datePublished": "2015-09-20T20:00:00",
"dateReserved": "2015-07-28T00:00:00",
"dateUpdated": "2024-08-06T06:59:04.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0306
Vulnerability from cvelistv5
Published
2012-10-18 17:00
Modified
2024-08-06 18:23
Severity ?
EPSS score ?
Summary
Symantec Ghost Solution Suite 2.x through 2.5.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted backup file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121010_00 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/55748 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id?1027648 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:29.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20121010_00"
},
{
"name": "55748",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55748"
},
{
"name": "1027648",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027648"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec Ghost Solution Suite 2.x through 2.5.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted backup file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-14T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20121010_00"
},
{
"name": "55748",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55748"
},
{
"name": "1027648",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027648"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0306",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Ghost Solution Suite 2.x through 2.5.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted backup file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20121010_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20121010_00"
},
{
"name": "55748",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55748"
},
{
"name": "1027648",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027648"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0306",
"datePublished": "2012-10-18T17:00:00",
"dateReserved": "2012-01-04T00:00:00",
"dateUpdated": "2024-08-06T18:23:29.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-1286
Vulnerability from cvelistv5
Published
2006-03-19 23:00
Modified
2024-08-07 17:03
Severity ?
EPSS score ?
Summary
Buffer overflow in the login dialog in dbisqlc.exe in SQLAnywhere for Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, might allow local users to read certain sensitive information from the database.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/25089 | vdb-entry, x_refsource_XF | |
| http://securitytracker.com/id?1015733 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/19171 | third-party-advisory, x_refsource_SECUNIA | |
| http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2006/0870 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:28.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ghost-dbisqlc-bo(25089)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25089"
},
{
"name": "1015733",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015733"
},
{
"name": "19171",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19171"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html"
},
{
"name": "ADV-2006-0870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0870"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the login dialog in dbisqlc.exe in SQLAnywhere for Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, might allow local users to read certain sensitive information from the database."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ghost-dbisqlc-bo(25089)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25089"
},
{
"name": "1015733",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015733"
},
{
"name": "19171",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19171"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html"
},
{
"name": "ADV-2006-0870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0870"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the login dialog in dbisqlc.exe in SQLAnywhere for Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, might allow local users to read certain sensitive information from the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ghost-dbisqlc-bo(25089)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25089"
},
{
"name": "1015733",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015733"
},
{
"name": "19171",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19171"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html"
},
{
"name": "ADV-2006-0870",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0870"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1286",
"datePublished": "2006-03-19T23:00:00",
"dateReserved": "2006-03-19T00:00:00",
"dateUpdated": "2024-08-07T17:03:28.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-0640
Vulnerability from cvelistv5
Published
2008-02-08 01:00
Modified
2024-08-07 07:54
Severity ?
EPSS score ?
Summary
Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/28853 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2008/0474 | vdb-entry, x_refsource_VUPEN | |
| http://www.securitytracker.com/id?1019356 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/27644 | vdb-entry, x_refsource_BID | |
| http://www.symantec.com/avcenter/security/Content/2008.02.07.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:54:22.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28853",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28853"
},
{
"name": "ADV-2008-0474",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0474"
},
{
"name": "1019356",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019356"
},
{
"name": "27644",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27644"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.02.07.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-02-13T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28853",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28853"
},
{
"name": "ADV-2008-0474",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0474"
},
{
"name": "1019356",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019356"
},
{
"name": "27644",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27644"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.02.07.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0640",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28853",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28853"
},
{
"name": "ADV-2008-0474",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0474"
},
{
"name": "1019356",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019356"
},
{
"name": "27644",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27644"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2008.02.07.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2008.02.07.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0640",
"datePublished": "2008-02-08T01:00:00",
"dateReserved": "2008-02-06T00:00:00",
"dateUpdated": "2024-08-07T07:54:22.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-1285
Vulnerability from cvelistv5
Published
2006-03-19 23:00
Modified
2024-08-07 17:03
Severity ?
EPSS score ?
Summary
SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, gives read and write permissions to all users for database shared memory sections, which allows local users to access and possibly modify certain information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1015733 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/19171 | third-party-advisory, x_refsource_SECUNIA | |
| http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/17019 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2006/0870 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:28.893Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1015733",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015733"
},
{
"name": "19171",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19171"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html"
},
{
"name": "17019",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17019"
},
{
"name": "ADV-2006-0870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0870"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, gives read and write permissions to all users for database shared memory sections, which allows local users to access and possibly modify certain information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-03-25T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1015733",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015733"
},
{
"name": "19171",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19171"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html"
},
{
"name": "17019",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17019"
},
{
"name": "ADV-2006-0870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0870"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, gives read and write permissions to all users for database shared memory sections, which allows local users to access and possibly modify certain information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015733",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015733"
},
{
"name": "19171",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19171"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html"
},
{
"name": "17019",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17019"
},
{
"name": "ADV-2006-0870",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0870"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1285",
"datePublished": "2006-03-19T23:00:00",
"dateReserved": "2006-03-19T00:00:00",
"dateUpdated": "2024-08-07T17:03:28.893Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2006-03-19 23:02
Modified
2024-11-21 00:08
Severity ?
Summary
SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, gives read and write permissions to all users for database shared memory sections, which allows local users to access and possibly modify certain information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | ghost_solutions_suite | 1.0 | |
| symantec | norton_ghost | 8.0 | |
| symantec | norton_ghost | 8.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:ghost_solutions_suite:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC78C2D-E376-40C9-A413-E7F1740F8CF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_ghost:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C4506E0-F4FE-43F0-886A-2F18C39934DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_ghost:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48B6AF37-11B3-4F38-B6E9-04FC32A28630",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, gives read and write permissions to all users for database shared memory sections, which allows local users to access and possibly modify certain information."
}
],
"evaluatorSolution": "Update to Symantec Ghost 8.3 that is shipped as a part of Symantec Ghost Solutions Suite 1.1.",
"id": "CVE-2006-1285",
"lastModified": "2024-11-21T00:08:30.363",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.2,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-03-19T23:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19171"
},
{
"source": "cve@mitre.org",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015733"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/17019"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19171"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015733"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/17019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0870"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-06-08 16:30
Modified
2024-11-21 00:32
Severity ?
Summary
Multiple vulnerabilities in Symantec Ghost Solution Suite 2.0.0 and earlier, with Ghost 8.0.992 and possibly other versions, allow remote attackers to cause a denial of service (client or server crash) via malformed requests to the daemon port, 1346/udp or 1347/udp.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | ghost_solutions_suite | * | |
| symantec | norton_ghost | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:ghost_solutions_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FD2612-DCF4-47E1-803C-A3A5FE32A29A",
"versionEndIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_ghost:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C4506E0-F4FE-43F0-886A-2F18C39934DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Symantec Ghost Solution Suite 2.0.0 and earlier, with Ghost 8.0.992 and possibly other versions, allow remote attackers to cause a denial of service (client or server crash) via malformed requests to the daemon port, 1346/udp or 1347/udp."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades en Symantec Ghost Solution Suite 2.0.0 y versiones anteriores, con Ghost 8.0.992 y posiblemente otra versiones, permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de cliente o servidor) mediante peticiones malformadas al puerto del demonio, 1346/udp \u00f3 1347/udp."
}
],
"id": "CVE-2007-3132",
"lastModified": "2024-11-21T00:32:28.733",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-06-08T16:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=540"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/36106"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25539"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2805"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/470644/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/24323"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018200"
},
{
"source": "cve@mitre.org",
"url": "http://www.symantec.com/avcenter/security/Content/2007.06.05b.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2075"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34745"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=540"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/36106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25539"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/470644/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018200"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.symantec.com/avcenter/security/Content/2007.06.05b.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2075"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34745"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-03-19 23:02
Modified
2024-11-21 00:08
Severity ?
Summary
The installation of SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, includes a default administrator login account and password, which allows local users to gain privileges or modify tasks.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | ghost_solutions_suite | 1.0 | |
| symantec | norton_ghost | 8.0 | |
| symantec | norton_ghost | 8.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:ghost_solutions_suite:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC78C2D-E376-40C9-A413-E7F1740F8CF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_ghost:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C4506E0-F4FE-43F0-886A-2F18C39934DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_ghost:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48B6AF37-11B3-4F38-B6E9-04FC32A28630",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The installation of SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, includes a default administrator login account and password, which allows local users to gain privileges or modify tasks."
}
],
"id": "CVE-2006-1284",
"lastModified": "2024-11-21T00:08:30.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-03-19T23:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19171"
},
{
"source": "cve@mitre.org",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015733"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/17018"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19171"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015733"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/17018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0870"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-02-08 02:00
Modified
2024-11-21 00:42
Severity ?
Summary
Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | ghost_solutions_suite | 1.1 | |
| symantec | ghost_solutions_suite | 2.0.0 | |
| symantec | ghost_solutions_suite | 2.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:ghost_solutions_suite:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A66AA7A-B410-45E8-8BB0-1F349BB30422",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:ghost_solutions_suite:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "27FA37CC-D408-4213-8A3F-C46C97008E33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:ghost_solutions_suite:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BFEA8748-EE69-4803-96B1-9359F45022C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing."
},
{
"lang": "es",
"value": "Symantec Ghost Solution Suite versi\u00f3n 1.1 anterior a 1.1 parche 2, versiones 2.0.0 y 2.0.1 no autentica las conexiones entre la consola y Ghost Management Agent, lo que permite a los atacantes remotos ejecutar comandos arbitrarios por medio de peticiones RPC no especificadas en conjunto con suplantaci\u00f3n de ARP."
}
],
"id": "CVE-2008-0640",
"lastModified": "2024-11-21T00:42:34.263",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-02-08T02:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28853"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27644"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019356"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.02.07.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0474"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28853"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27644"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019356"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.02.07.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0474"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-03-19 23:02
Modified
2024-11-21 00:08
Severity ?
Summary
Buffer overflow in the login dialog in dbisqlc.exe in SQLAnywhere for Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, might allow local users to read certain sensitive information from the database.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | ghost_solutions_suite | 1.0 | |
| symantec | norton_ghost | 8.0 | |
| symantec | norton_ghost | 8.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:ghost_solutions_suite:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC78C2D-E376-40C9-A413-E7F1740F8CF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_ghost:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C4506E0-F4FE-43F0-886A-2F18C39934DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_ghost:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48B6AF37-11B3-4F38-B6E9-04FC32A28630",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the login dialog in dbisqlc.exe in SQLAnywhere for Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, might allow local users to read certain sensitive information from the database."
}
],
"evaluatorSolution": "Update to Symantec Ghost 8.3 that is shipped as a part of Symantec Ghost Solutions Suite 1.1.\r\n",
"id": "CVE-2006-1286",
"lastModified": "2024-11-21T00:08:30.500",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-03-19T23:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19171"
},
{
"source": "cve@mitre.org",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015733"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0870"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19171"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015733"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25089"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-10-18 17:55
Modified
2024-11-21 01:34
Severity ?
Summary
Symantec Ghost Solution Suite 2.x through 2.5.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted backup file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | ghost_solutions_suite | 2.0 | |
| symantec | ghost_solutions_suite | 2.0.0 | |
| symantec | ghost_solutions_suite | 2.0.1 | |
| symantec | ghost_solutions_suite | 2.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:ghost_solutions_suite:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "20F9D50A-80D2-4A4B-A01C-19788DD2DB9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:ghost_solutions_suite:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "27FA37CC-D408-4213-8A3F-C46C97008E33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:ghost_solutions_suite:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BFEA8748-EE69-4803-96B1-9359F45022C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:ghost_solutions_suite:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "45EA41CF-CCE9-425E-A1DB-926E79052F9B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec Ghost Solution Suite 2.x through 2.5.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted backup file."
},
{
"lang": "es",
"value": "Symantec Ghost Solution Suite v2.x hasta v2.5.1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un archivo de copia de seguridad manipulado."
}
],
"id": "CVE-2012-0306",
"lastModified": "2024-11-21T01:34:45.990",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-10-18T17:55:01.487",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/55748"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1027648"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20121010_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20121010_00"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-09-20 20:59
Modified
2024-11-21 02:33
Severity ?
Summary
ghostexp.exe in Ghost Explorer Utility in Symantec Ghost Solutions Suite (GSS) before 3.0 HF2 12.0.0.8010 and Symantec Deployment Solution (DS) before 7.6 HF4 12.0.0.7045 performs improper sign-extend operations before array-element accesses, which allows remote attackers to execute arbitrary code, cause a denial of service (application crash), or possibly obtain sensitive information via a crafted Ghost image.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | deployment_solution | 6.9 | |
| symantec | ghost_solutions_suite | 1.0 | |
| symantec | ghost_solutions_suite | 1.1 | |
| symantec | ghost_solutions_suite | 1.1 | |
| symantec | ghost_solutions_suite | 2.0 | |
| symantec | ghost_solutions_suite | 2.0.1 | |
| symantec | ghost_solutions_suite | 2.0.2 | |
| symantec | ghost_solutions_suite | 2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:deployment_solution:6.9:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F3BE5757-329A-4D6D-A281-2CF8AF524D8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:ghost_solutions_suite:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC78C2D-E376-40C9-A413-E7F1740F8CF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:ghost_solutions_suite:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A66AA7A-B410-45E8-8BB0-1F349BB30422",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:ghost_solutions_suite:1.1:p2:*:*:*:*:*:*",
"matchCriteriaId": "2A6A9D9C-86A7-46E9-92F4-E0B3BA13E17E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:ghost_solutions_suite:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "20F9D50A-80D2-4A4B-A01C-19788DD2DB9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:ghost_solutions_suite:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BFEA8748-EE69-4803-96B1-9359F45022C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:ghost_solutions_suite:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC11F79-EED1-43D8-9C8C-437976FCF0E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:ghost_solutions_suite:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "021478CB-EBCD-4227-A29D-BC6480CB738C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ghostexp.exe in Ghost Explorer Utility in Symantec Ghost Solutions Suite (GSS) before 3.0 HF2 12.0.0.8010 and Symantec Deployment Solution (DS) before 7.6 HF4 12.0.0.7045 performs improper sign-extend operations before array-element accesses, which allows remote attackers to execute arbitrary code, cause a denial of service (application crash), or possibly obtain sensitive information via a crafted Ghost image."
},
{
"lang": "es",
"value": "Vulnerabilidad en ghostexp.exe en Ghost Explorer Utility en Symantec Ghost Solutions Suite (GSS) en versiones anteriores a 3.0 HF2 12.0.0.8010 y Symantec Deployment Solution (DS) en versiones anteriores a 7.6 HF4 12.0.0.7045, realiza una operaci\u00f3n de extensi\u00f3n de signo indebida antes de los accesos a los elementos del array, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario, causar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o posiblemente obtener informaci\u00f3n sensible a trav\u00e9s de una imagen Ghost manipulada."
}
],
"id": "CVE-2015-5689",
"lastModified": "2024-11-21T02:33:38.827",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-09-20T20:59:04.040",
"references": [
{
"source": "secure@symantec.com",
"url": "http://www.securityfocus.com/bid/76498"
},
{
"source": "secure@symantec.com",
"url": "http://www.securitytracker.com/id/1033577"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150902_00"
},
{
"source": "secure@symantec.com",
"url": "http://zerodayinitiative.com/advisories/ZDI-15-419/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/76498"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1033577"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150902_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://zerodayinitiative.com/advisories/ZDI-15-419/"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}