CVSS2: 4.6 Medium

Metric | Value
---|---
Access Vector | LOCAL
Access Complexity | LOW
Authentication | NONE
Confidentiality Impact | PARTIAL
Integrity Impact | PARTIAL
Availability Impact | PARTIAL

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Symantec engineers updated the db component to address three local access vulnerabilities discovered in the database installed with Symantec Ghost and the Central Management Console in Symantec Ghost Solutions Suite (SGSS) 1.0. Exploitation of any of these issues requires physical access to the host system. Successful exploitation by a malicious local user could result in unauthorized disclosure, modification or destruction of stored administrative data, or could possibly be leveraged by a non-privileged local user to gain additional access on the local system.
Risk Impact
low (Highly configuration dependent)

Remote Access | No
---|---
Local Access | Yes
Authentication Required | Yes
Exploit publicly available | No


Product | Version | Build | Solution
---|---|---|---
Symantec Ghost | 8.0 (EOL / EOS 11/15/2005) | All | Symantec Ghost 8.3 shipped as a part of Symantec Ghost Solutions Suite 1.1
Symantec Ghost | 8.2 (shipped as a part of SGSS 1.0) | All | Symantec Ghost 8.3 shipped as a part of Symantec Ghost Solutions Suite 1.1

Details
The three local access vulnerabilities addressed in Symantec Ghost Solutions Suite 1.1 were:
The Common Vulnerabilities and Exposures (CVE) initiative has assigned CVE Candidate CVE-2006-1284 to the default login issue.
The Common Vulnerabilities and Exposures (CVE) initiative has assigned CVE Candidate CVE-2006-1285 to the memory mapping issue.
The Common Vulnerabilities and Exposures (CVE) initiative has assigned CVE Candidate CVE-2006-1286 to the login dialog overflow issue.
These issues are candidates for inclusion in the CVE list (<http://cve.mitre.org>), which standardizes names for security problems.
Symantec Response
Symantec engineers have verified all issues, and fixes have been released in Symantec Ghost Solutions Suite 1.1 for all languages.
Symantec engineers determined the problems existed in the implementation of the older SQLAnywhere version installed with earlier Symantec Ghost products. The latest release of Sybase SQLAnywhere 9.0 integrated with Symantec Ghost Solutions Suite 1.1 fully addresses these issues.
Symantec recommends customers upgrade to the latest release of Symantec Ghost Solutions Suite 1.1. Contact your appropriate support channels for upgrade information.
NOTE: In a recommended installation, the system hosting the Symantec Ghost Console component of Symantec Ghost Solutions Suite should be restricted to trusted, privileged access users only. This prevents non-privileged local users from accessing or modifying data stored on the system.
Symantec is not aware of any exploit of or adverse customer impact from these issues.
As normal best practices, Symantec strongly recommends:
Ollie Whitehouse, Symantec, identified these issues in Symantec Ghost Solution Suite 1.0
Revision History
3/16/2006 - advisory updated to better identify the cause of the problems discovered and addressed in Symantec Ghost Solutions Suite 1.0 database implementation
3/23/2006 - Added assigned CVE numbers
CPE

Name | Operator | Version
---|---|---
symantec ghost | eq | 8
symantec ghost | eq | 8