Vulnerabilities > CVE-2007-2361 - Local Security vulnerability in BackupExec System Recovery

CVSS 4.9 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

NONE

Availability impact

NONE

local

low complexity

symantec

NVD

Published: 2007-04-30

Updated: 2017-07-29

Summary

Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore points images are configured, uses weak permissions (world readable) for a configuration file with network share credentials, which allows local users to obtain the credentials by reading the file.

Vulnerable Configurations

Part	Description	Count
Application	Symantec Symantec Backupexec System Recovery 6.5 Symantec Backupexec System Recovery 6.52 Symantec Backupexec System Recovery 6.52A Symantec Backupexec System Recovery 6.53 Symantec Livestate Recovery 6.0 Symantec Livestate Recovery 6.01 Symantec Livestate Recovery 6.02 Symantec Norton Ghost 10.0 Symantec Norton Ghost 10.01 Symantec Norton Save AND Recovery 1.01 Symantec Norton Save AND Recovery 1.01B Symantec Norton Save AND Recovery 11.0 Symantec Norton Save AND Recovery 11.01 Symantec Norton Save AND Recovery 11.01B	16

Summary

Vulnerable Configurations

References