Vulnerabilities > CVE-2007-2361 - Local Security vulnerability in BackupExec System Recovery
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
NONE Availability impact
NONE Summary
Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore points images are configured, uses weak permissions (world readable) for a configuration file with network share credentials, which allows local users to obtain the credentials by reading the file.
Vulnerable Configurations
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=520
- http://secunia.com/advisories/25013
- http://www.securitytracker.com/id?1017971
- http://www.symantec.com/avcenter/security/Content/2007.04.26.html
- http://www.vupen.com/english/advisories/2007/1552
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33929