SQL Injection Vulnerability in Symantec Ghost Solutions Suite
CVE-2006-1285

Currently unrated

Key Information:

Vendor: Symantec
Status: Ghost Solutions Suite; Norton Ghost
Vendor: CVE Published:; 19 March 2006

Summary

The SQLAnywhere component in Symantec Ghost 8.0 and 8.2, used within Symantec Ghost Solutions Suite 1.0, has a vulnerability that grants read and write access to all users on database shared memory sections. This flaw enables local users to potentially access and alter sensitive information, which might lead to unauthorized modification of data. Proper access controls should be implemented to safeguard the integrity of the database.

References

http://securitytracker.com/id?1015733

vdb-entryx_refsource_SECTRACK

http://secunia.com/advisories/19171

third-party-advisoryx_refsource_SECUNIA

http://securityresponse.symantec.com/avcenter/security/Co...

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 19, 2006
Vulnerability Reserved
Mar 19, 2006