Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: [SA19171] Symantec Ghost Multiple Vulnerabilities



> 
> 
> TITLE:
> Symantec Ghost Multiple Vulnerabilities
> 
> SECUNIA ADVISORY ID:
> SA19171
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/19171/
> 
> CRITICAL:
> Less critical
> 
> IMPACT:
> Manipulation of data, Exposure of sensitive information, Privilege
> escalation
> 
> WHERE:
> Local system
> 
> SOFTWARE:
> Symantec Ghost 8.x
> http://secunia.com/product/6937/
> Symantec Ghost Solution Suite 1.x
> http://secunia.com/product/8600/
> 
> DESCRIPTION:
> Three vulnerabilities have been reported in Symantec Ghost, which can
> be exploited by malicious, local users to gain knowledge of
> potentially sensitive information, modify certain data, and
> potentially gain escalated privileges.
> 
> 1) Default administrator login id and password left behind during
> installation can be used by local users to modify or delete stored
> administrative tasks. This can be exploited to modify tasks to run
> arbitrary code on the local system.
> 
> 2) Insecure permissions in the shared memory sections within the
> Sybase SQLAnywhere database used by Symantec Ghost can potentially be
> exploited to gain access to, and to modify information stored in the
> database.
> 
> 3) A boundary error in the login dialog box of dbisqlc.exe which is
> installed as a part of the SQLAnywhere package, can cause a buffer
> overflow. This can potentially be exploited to gain access to
> information stored in the database that is not normally accessible.
> 
> The vulnerabilities have been reported in the following versions:
> * Symantec Ghost 8.0.
> * Symantec Ghost 8.2 (shipped as a part of Symantec Ghost Solutions
> Suite 1.0).
> 
> SOLUTION:
> Update to Symantec Ghost 8.3 that is shipped as a part of Symantec
> Ghost Solutions Suite 1.1.
> 
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits Ollie Whitehouse, Symantec.
> 
> ORIGINAL ADVISORY:
> http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html
> 



 




Copyright © Lexa Software, 1996-2009.