FKIE_CVE-2007-2359

Vulnerability from fkie_nvd - Published: 2007-04-30 22:19 - Updated: 2025-04-09 00:30
Severity ?
Summary
Buffer overflow in Ghost Service Manager, as used in Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, allows local users to gain privileges via a long string.
References
cve@mitre.orghttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=519Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/25013
cve@mitre.orghttp://www.securitytracker.com/id?1017971
cve@mitre.orghttp://www.symantec.com/avcenter/security/Content/2007.04.26.htmlVendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/1552
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/33931
af854a3a-2127-422b-91ae-364da2661108http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=519Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/25013
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1017971
af854a3a-2127-422b-91ae-364da2661108http://www.symantec.com/avcenter/security/Content/2007.04.26.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/1552
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/33931
Impacted products
Vendor Product Version
symantec backupexec_system_recovery 6.5
symantec backupexec_system_recovery 6.52
symantec backupexec_system_recovery 6.52a
symantec backupexec_system_recovery 6.53
symantec livestate_recovery 6.0
symantec livestate_recovery 6.01
symantec livestate_recovery 6.02
symantec norton_ghost 10.0
symantec norton_ghost 10.0
symantec norton_ghost 10.0
symantec norton_ghost 10.01
symantec norton_save_and_recovery 1.01
symantec norton_save_and_recovery 1.01b
symantec norton_save_and_recovery 11.0
symantec norton_save_and_recovery 11.01
symantec norton_save_and_recovery 11.01b
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:symantec:backupexec_system_recovery:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0598D0E-0BCA-4711-89DE-53C528D9015B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:backupexec_system_recovery:6.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BAB9A49-0311-4D33-8F58-F1228CABA8EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:backupexec_system_recovery:6.52a:*:*:*:*:*:*:*",
              "matchCriteriaId": "2942EF66-62D1-49F9-A38C-BFEEAD22F62E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:backupexec_system_recovery:6.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC7F5F20-B428-4754-9274-F16BC01E8957",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:livestate_recovery:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33F3C4CA-B6D1-4B7A-9C98-8CE0A71C86DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:livestate_recovery:6.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E137FF2-AEC3-48CD-B744-76615B433554",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:livestate_recovery:6.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "880D2EE8-DB5C-478A-86F6-1960C1F68E52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_ghost:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA920B14-D3B2-4528-8A6F-C8545FA466AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_ghost:10.0:*:dell:*:*:*:*:*",
              "matchCriteriaId": "48289358-FC5D-4CC9-B420-365B1FB842F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_ghost:10.0:*:norton_system_works:*:*:*:*:*",
              "matchCriteriaId": "6A43FA5B-E637-41B3-BCD9-A3DF2A372DE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_ghost:10.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F6128F8-5BE1-4A5A-BCEF-D0C9F94E306E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_save_and_recovery:1.01:*:sony_euro:*:*:*:*:*",
              "matchCriteriaId": "A059387D-6A4E-4F23-B16F-9C04601A556D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_save_and_recovery:1.01b:*:norton_system_works_2007:*:*:*:*:*",
              "matchCriteriaId": "D4EE821D-CCA3-43C7-8044-31F9373AA8FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_save_and_recovery:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8881CCEE-CDC3-4634-AD25-C705FD8BDE9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_save_and_recovery:11.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD4775B1-3712-429D-9227-824CFAB69FE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_save_and_recovery:11.01b:*:*:*:*:*:*:*",
              "matchCriteriaId": "082E74B5-1045-4BCF-93A2-AF0AFF4EAA00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in Ghost Service Manager, as used in Symantec Norton Ghost, Norton Save \u0026 Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, allows local users to gain privileges via a long string."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en Ghost Service Manager, tal y como se usa en Symantec Norton Ghost, Norton Save \u0026 Recovery, LiveState Recovery, y BackupExec System Recovery versiones anteriores a 20070426, permite a usuarios locales obtener privilegios mediante una cadena larga."
    }
  ],
  "id": "CVE-2007-2359",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-04-30T22:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=519"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25013"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1017971"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.symantec.com/avcenter/security/Content/2007.04.26.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/1552"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=519"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25013"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017971"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.symantec.com/avcenter/security/Content/2007.04.26.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1552"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33931"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.