Vulnerabilities > CVE-2006-1285 - Local Information Disclosure and Data Corruption vulnerability in Symantec Ghost Solutions Suite and Norton Ghost

CVSS 3.2 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

local

low complexity

symantec

NVD

Published: 2006-03-19

Updated: 2011-03-08

Summary

SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, gives read and write permissions to all users for database shared memory sections, which allows local users to access and possibly modify certain information. Update to Symantec Ghost 8.3 that is shipped as a part of Symantec Ghost Solutions Suite 1.1.

Vulnerable Configurations

Part	Description	Count
Application	Symantec Symantec Ghost Solutions Suite 1.0 Symantec Norton Ghost 8.0 Symantec Norton Ghost 8.2	3

References

http://secunia.com/advisories/19171
http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html
http://securitytracker.com/id?1015733
http://www.securityfocus.com/bid/17019
http://www.vupen.com/english/advisories/2006/0870