Vulnerability in Symantec Norton Ghost and Related Products
CVE-2007-2360

Currently unrated

Key Information:

Vendor: Symantec
Status: Norton Ghost; Norton Save And Recovery; Backupexec System Recovery; Livestate Recovery
Vendor: CVE Published:; 30 April 2007

Summary

The vulnerability present in Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery allows local users to exploit encrypted network share credentials linked to remote backups of restore point images. The key used for encryption is derived from a hash of the username, which may be exploited by attackers with local access to obtain sensitive credentials, leading to potential unauthorized access to shared resources.

References

http://www.securitytracker.com/id?1017971

vdb-entryx_refsource_SECTRACK

http://www.vupen.com/english/advisories/2007/1552

vdb-entryx_refsource_VUPEN

http://labs.idefense.com/intelligence/vulnerabilities/dis...

third-party-advisoryx_refsource_IDEFENSE

Timeline

Vulnerability published
Apr 30, 2007
Vulnerability Reserved
Apr 30, 2007