Vulnerability Name:

CVE-2007-2361 (CCN-33929)

Assigned: 2007-04-26
Published: 2007-04-26
Updated: 2017-07-29
Summary: Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, use weak permissions (world readable) for a configuration file with network share credentials, which allows local users to obtain the credentials by reading the file.
CVSS v3 Severity: 5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): None
Availability (A): None
3.6 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N)
2.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Privileges
References:
Source: MITRE
Type: CNA
CVE-2007-2361

Source: IDEFENSE
Type: Vendor Advisory
20070426 Symantec Norton Ghost 10 Recovery Points Insecure Password Storage Vulnerability

Source: CCN
Type: SA25013
Symantec Products Information Disclosure and Buffer Overflow

Source: SECUNIA
Type: UNKNOWN
25013

Source: CCN
Type: SYM07-004
Multiple Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recover Vulnerabilities

Source: CCN
Type: SECTRACK ID: 1017971
Symantec BackupExec System Recovery Discloses Passwords to Local Users and Lets Local Users Execute Arbitrary Code

Source: CCN
Type: OSVDB ID: 35074
Symantec Multiple Products Remote Backup Restore Point Config File Credential Local Disclosure

Source: CCN
Type: BID-23654
Symantec Multiple Products Local Buffer Overflow and Information Disclosure Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1017971

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.symantec.com/avcenter/security/Content/2007.04.26.html

Source: VUPEN
Type: UNKNOWN
ADV-2007-1552

Source: XF
Type: UNKNOWN
symantec-backup-information-disclosure(33929)

Source: CCN
Type: iDefense Labs PUBLIC ADVISORY: 04.26.07
Symantec Norton Ghost 10 Recovery Points Insecure Password Storage Vulnerability

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:symantec:backupexec_system_recovery:6.5:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:backupexec_system_recovery:6.52:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:backupexec_system_recovery:6.52a:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:backupexec_system_recovery:6.53:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:livestate_recovery:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:livestate_recovery:6.01:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:livestate_recovery:6.02:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_ghost:10.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_ghost:10.0:*:dell:*:*:*:*:*
  • OR cpe:/a:symantec:norton_ghost:10.0:*:norton_system_works:*:*:*:*:*
  • OR cpe:/a:symantec:norton_ghost:10.01:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_save_and_recovery:1.01:*:sony_euro:*:*:*:*:*
  • OR cpe:/a:symantec:norton_save_and_recovery:1.01b:*:norton_system_works_2007:*:*:*:*:*
  • OR cpe:/a:symantec:norton_save_and_recovery:11.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_save_and_recovery:11.01:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_save_and_recovery:11.01b:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:symantec:norton_ghost:10.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_ghost:10.01:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_save_and_recovery:11.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_save_and_recovery:11.01:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_save_and_recovery:11.01b:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_save_and_recovery:1.01b::norton_system_works_2007:*:*:*:*:*
  • OR cpe:/a:symantec:backupexec_system_recovery:6.5:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:backupexec_system_recovery:6.52:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:backupexec_system_recovery:6.52a:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:backupexec_system_recovery:6.53:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    symantec backupexec system recovery 6.5
    symantec backupexec system recovery 6.52
    symantec backupexec system recovery 6.52a
    symantec backupexec system recovery 6.53
    symantec livestate recovery 6.0
    symantec livestate recovery 6.01
    symantec livestate recovery 6.02
    symantec norton ghost 10.0
    symantec norton ghost 10.0
    symantec norton ghost 10.0
    symantec norton ghost 10.01
    symantec norton save and recovery 1.01
    symantec norton save and recovery 1.01b
    symantec norton save and recovery 11.0
    symantec norton save and recovery 11.01
    symantec norton save and recovery 11.01b
    symantec norton ghost 10.0
    symantec norton ghost 10.01
    symantec norton save and recovery 11.0
    symantec norton save and recovery 11.01
    symantec norton save and recovery 11.01b
    symantec norton save and recovery 1.01b
    symantec backupexec system recovery 6.5
    symantec backupexec system recovery 6.52
    symantec backupexec system recovery 6.52a
    symantec backupexec system recovery 6.53