TITLE: Symantec Ghost Multiple Vulnerabilities SECUNIA ADVISORY ID: SA19171 VERIFY ADVISORY: http://secunia.com/advisories/19171/ CRITICAL: Less critical IMPACT: Manipulation of data, Exposure of sensitive information, Privilege escalation WHERE: Local system SOFTWARE: Symantec Ghost 8.x http://secunia.com/product/6937/ Symantec Ghost Solution Suite 1.x http://secunia.com/product/8600/ DESCRIPTION: Three vulnerabilities have been reported in Symantec Ghost, which can be exploited by malicious, local users to gain knowledge of potentially sensitive information, modify certain data, and potentially gain escalated privileges. 1) Default administrator login id and password left behind during installation can be used by local users to modify or delete stored administrative tasks. This can be exploited to modify tasks to run arbitrary code on the local system. 2) Insecure permissions in the shared memory sections within the Sybase SQLAnywhere database used by Symantec Ghost can potentially be exploited to gain access to, and to modify information stored in the database. 3) A boundary error in the login dialog box of dbisqlc.exe which is installed as a part of the SQLAnywhere package, can cause a buffer overflow. This can potentially be exploited to gain access to information stored in the database that is not normally accessible. The vulnerabilities have been reported in the following versions: * Symantec Ghost 8.0. * Symantec Ghost 8.2 (shipped as a part of Symantec Ghost Solutions Suite 1.0). SOLUTION: Update to Symantec Ghost 8.3 that is shipped as a part of Symantec Ghost Solutions Suite 1.1. PROVIDED AND/OR DISCOVERED BY: The vendor credits Ollie Whitehouse, Symantec. ORIGINAL ADVISORY: http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------