Vulnerabilites related to symantec - backupexec_system_recovery
Vulnerability from fkie_nvd
Published
2012-07-23 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
Untrusted search path vulnerability in Symantec System Recovery 2011 before SP2 and Backup Exec System Recovery 2010 before SP5 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | backupexec_system_recovery | 2010 | |
| symantec | backupexec_system_recovery | 2011 | |
| symantec | system_recovery | 2011 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:backupexec_system_recovery:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "1C27E870-B317-424C-A315-ABFB38AE4697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:backupexec_system_recovery:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "AD81DCC7-EC02-4DB7-992C-2982487B8212",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:system_recovery:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "D84FE1A9-2A18-4D84-ADB4-1BC6767B9C89",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Symantec System Recovery 2011 before SP2 and Backup Exec System Recovery 2010 before SP5 allows local users to gain privileges via a Trojan horse DLL in the current working directory."
},
{
"lang": "es",
"value": "Vulnerabilidad de path de b\u00fasqueda no confiable en Symantec System Recovery 2011 anteriores a SP2 y Backup Exec System Recovery 2010 anteriores a SP5, podr\u00eda permitir a usuario locales obtener privilegios a trav\u00e9s de una DLL troyanizada en el directorio de trabajo actual."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html \u0027CWE-426: Untrusted Search Path\u0027",
"id": "CVE-2012-0305",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-07-23T17:55:03.373",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/54594"
},
{
"source": "cve@mitre.org",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120720_01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/54594"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120720_01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-06-02 21:30
Modified
2025-04-09 00:30
Severity ?
Summary
Directory traversal vulnerability in Symantec Backup Exec System Recovery Manager 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to read arbitrary files via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | backupexec_system_recovery | 7.0 | |
| symantec | backupexec_system_recovery | 7.0.1 | |
| symantec | backupexec_system_recovery | 7.0.2 | |
| symantec | backupexec_system_recovery | 7.0.3 | |
| symantec | backupexec_system_recovery | 8.0 | |
| symantec | backupexec_system_recovery | 8.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:backupexec_system_recovery:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "17E843F0-6A21-4778-864C-CAADB1AC1457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:backupexec_system_recovery:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EB10B9F3-8A94-4730-B50F-E1CCBD8424A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:backupexec_system_recovery:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4C2B8CF4-D6C1-4E3A-962D-06D6E33BFDD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:backupexec_system_recovery:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD6023F-C2E2-4FD2-ADE5-61A79914845C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:backupexec_system_recovery:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCAA9653-3E7E-47C9-A93E-E4F1956A5D99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:backupexec_system_recovery:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF07C48-B5B8-4C98-8087-48E9DDD7F979",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Symantec Backup Exec System Recovery Manager 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to read arbitrary files via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de salto de directorio en Symantec Backup Exec System Recovery Manager versiones 7.x anteriores a 7.0.4 y versiones 8.x anteriores a 8.0.2, permite a los atacantes remotos leer archivos arbitrarios por medio de vectores no especificados."
}
],
"id": "CVE-2008-2512",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-06-02T21:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30432"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.05.28c.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29350"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020128"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1686/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42714"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.05.28c.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020128"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1686/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42714"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-11-29 23:46
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple integer overflows in the Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allow remote attackers to cause a denial of service (CPU and memory consumption) via a crafted packet to port 5633/tcp, which triggers an infinite loop.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | backupexec_system_recovery | 11.0.6235 | |
| symantec | backupexec_system_recovery | 11.0.7170 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:backupexec_system_recovery:11.0.6235:*:windows:*:*:*:*:*",
"matchCriteriaId": "B4ECA6BD-A87C-4241-9B34-85BB66CC07E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:backupexec_system_recovery:11.0.7170:*:windows:*:*:*:*:*",
"matchCriteriaId": "5C885EAF-9BCF-4800-91AD-2A4415B5AB69",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in the Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allow remote attackers to cause a denial of service (CPU and memory consumption) via a crafted packet to port 5633/tcp, which triggers an infinite loop."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de entero en el servicio Job Engine (bengine.exe) de Symantec Backup Exec para Windows Servers (BEWS) 11d build 11.0.7170 y 11.0.6.6235 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU y memoria) mediante un paquete artesanal al puerto 5633/tcp, lo cual provoca un bucle infinito."
}
],
"id": "CVE-2007-4347",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-11-29T23:46:00.000",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/26975"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2007-74/advisory/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.11.27.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/archive/1/484318/100/0/threaded"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/archive/1/484333/100/0/threaded"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/26029"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securitytracker.com/id?1019001"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.vupen.com/english/advisories/2007/4019"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38677"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/26975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2007-74/advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.11.27.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/484318/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/484333/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/26029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/4019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38677"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-11-29 23:46
Modified
2025-04-09 00:30
Severity ?
Summary
The Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allows remote attackers to cause a denial of service (NULL dereference and service crash) via a crafted packet to port 5633/tcp.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | backupexec_system_recovery | 11.0.6235 | |
| symantec | backupexec_system_recovery | 11.0.7170 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:backupexec_system_recovery:11.0.6235:*:windows:*:*:*:*:*",
"matchCriteriaId": "B4ECA6BD-A87C-4241-9B34-85BB66CC07E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:backupexec_system_recovery:11.0.7170:*:windows:*:*:*:*:*",
"matchCriteriaId": "5C885EAF-9BCF-4800-91AD-2A4415B5AB69",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allows remote attackers to cause a denial of service (NULL dereference and service crash) via a crafted packet to port 5633/tcp."
},
{
"lang": "es",
"value": "El servicio Job Engine (bengine.exe) de Symantec Backup Exec for Windows Servers (BEWS) 11d buils 11.0.7170 y 11.0.6.6235 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (referencia a NULL y ca\u00edda del servicio) mediante un paquete manipulado al puerto 5633/tcp."
}
],
"id": "CVE-2007-4346",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-11-29T23:46:00.000",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26975"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2007-74/advisory/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.11.27.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://securitytracker.com/id?1019001"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/archive/1/484318/100/0/threaded"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/archive/1/484333/100/0/threaded"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/bid/26028"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.vupen.com/english/advisories/2007/4019"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38676"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2007-74/advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.11.27.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1019001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/484318/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/484333/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/4019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38676"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-02-07 21:00
Modified
2025-04-09 00:30
Severity ?
Summary
Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | backupexec_system_recovery | 7.0 | |
| symantec | backupexec_system_recovery | 7.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:backupexec_system_recovery:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "17E843F0-6A21-4778-864C-CAADB1AC1457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:backupexec_system_recovery:7.01:*:*:*:*:*:*:*",
"matchCriteriaId": "609721EB-AAAC-4716-BD42-AB69180BC44D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de carga de archivos sin restricciones en la clase FileUpload que se ejecuta en el servidor Symantec LiveState Apache Tomcat, tal y como es usado por Symantec Backup Exec System Recovery Manager versiones 7.0 y 7.0.1, permite a los atacantes remotos cargar y ejecutar archivos JSP arbitrarios por medio de vectores de ataque desconocidos."
}
],
"id": "CVE-2008-0457",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-02-07T21:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28787"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://seer.entsupport.symantec.com/docs/297171.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/487688/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/27487"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019303"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.02.04.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0413"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-003.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/5078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://seer.entsupport.symantec.com/docs/297171.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/487688/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/27487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019303"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.02.04.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0413"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/5078"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-04-30 22:19
Modified
2025-04-09 00:30
Severity ?
Summary
Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share credentials with a key formed by a hash of the username, which allows local users to obtain the credentials by calculating the key.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | backupexec_system_recovery | 6.5 | |
| symantec | backupexec_system_recovery | 6.52 | |
| symantec | backupexec_system_recovery | 6.52a | |
| symantec | backupexec_system_recovery | 6.53 | |
| symantec | livestate_recovery | 6.0 | |
| symantec | livestate_recovery | 6.01 | |
| symantec | livestate_recovery | 6.02 | |
| symantec | norton_ghost | 10.0 | |
| symantec | norton_ghost | 10.0 | |
| symantec | norton_ghost | 10.01 | |
| symantec | norton_save_and_recovery | 1.01 | |
| symantec | norton_save_and_recovery | 1.01b | |
| symantec | norton_save_and_recovery | 11.0 | |
| symantec | norton_save_and_recovery | 11.01 | |
| symantec | norton_save_and_recovery | 11.01b |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:backupexec_system_recovery:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D0598D0E-0BCA-4711-89DE-53C528D9015B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:backupexec_system_recovery:6.52:*:*:*:*:*:*:*",
"matchCriteriaId": "8BAB9A49-0311-4D33-8F58-F1228CABA8EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:backupexec_system_recovery:6.52a:*:*:*:*:*:*:*",
"matchCriteriaId": "2942EF66-62D1-49F9-A38C-BFEEAD22F62E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:backupexec_system_recovery:6.53:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7F5F20-B428-4754-9274-F16BC01E8957",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:livestate_recovery:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33F3C4CA-B6D1-4B7A-9C98-8CE0A71C86DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:livestate_recovery:6.01:*:*:*:*:*:*:*",
"matchCriteriaId": "5E137FF2-AEC3-48CD-B744-76615B433554",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:livestate_recovery:6.02:*:*:*:*:*:*:*",
"matchCriteriaId": "880D2EE8-DB5C-478A-86F6-1960C1F68E52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_ghost:10.0:*:dell:*:*:*:*:*",
"matchCriteriaId": "48289358-FC5D-4CC9-B420-365B1FB842F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_ghost:10.0:*:norton_system_works:*:*:*:*:*",
"matchCriteriaId": "6A43FA5B-E637-41B3-BCD9-A3DF2A372DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_ghost:10.01:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6128F8-5BE1-4A5A-BCEF-D0C9F94E306E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_save_and_recovery:1.01:*:sony_euro:*:*:*:*:*",
"matchCriteriaId": "A059387D-6A4E-4F23-B16F-9C04601A556D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_save_and_recovery:1.01b:*:norton_system_works_2007:*:*:*:*:*",
"matchCriteriaId": "D4EE821D-CCA3-43C7-8044-31F9373AA8FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_save_and_recovery:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8881CCEE-CDC3-4634-AD25-C705FD8BDE9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_save_and_recovery:11.01:*:*:*:*:*:*:*",
"matchCriteriaId": "DD4775B1-3712-429D-9227-824CFAB69FE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_save_and_recovery:11.01b:*:*:*:*:*:*:*",
"matchCriteriaId": "082E74B5-1045-4BCF-93A2-AF0AFF4EAA00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec Norton Ghost, Norton Save \u0026 Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share credentials with a key formed by a hash of the username, which allows local users to obtain the credentials by calculating the key."
},
{
"lang": "es",
"value": "Symantec Norton Ghost, Norton Save \u0026 Recovery, LiveState Recovery, y BackupExec System Recovery anterior a 20070426, cuando est\u00e1n los backups remotos de las im\u00e1genes del punto de restauraci\u00f3n configurados, cifra las credenciales de la parte de la red con una llave formada por un hash del username, que permite que los usuarios locales obtengan las credenciales calculando la llave."
}
],
"evaluatorImpact": "\"In order for this exploit to have an impact, administrators would either have to configure client machines to save restore points images to a private share, or the vulnerable machine would have to be shared by several users who each saved their restore points images to private shares.\"",
"id": "CVE-2007-2360",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-04-30T22:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=520"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25013"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017971"
},
{
"source": "cve@mitre.org",
"url": "http://www.symantec.com/avcenter/security/Content/2007.04.26.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=520"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017971"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.symantec.com/avcenter/security/Content/2007.04.26.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1552"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-04-30 22:19
Modified
2025-04-09 00:30
Severity ?
Summary
Buffer overflow in Ghost Service Manager, as used in Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, allows local users to gain privileges via a long string.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | backupexec_system_recovery | 6.5 | |
| symantec | backupexec_system_recovery | 6.52 | |
| symantec | backupexec_system_recovery | 6.52a | |
| symantec | backupexec_system_recovery | 6.53 | |
| symantec | livestate_recovery | 6.0 | |
| symantec | livestate_recovery | 6.01 | |
| symantec | livestate_recovery | 6.02 | |
| symantec | norton_ghost | 10.0 | |
| symantec | norton_ghost | 10.0 | |
| symantec | norton_ghost | 10.0 | |
| symantec | norton_ghost | 10.01 | |
| symantec | norton_save_and_recovery | 1.01 | |
| symantec | norton_save_and_recovery | 1.01b | |
| symantec | norton_save_and_recovery | 11.0 | |
| symantec | norton_save_and_recovery | 11.01 | |
| symantec | norton_save_and_recovery | 11.01b |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:backupexec_system_recovery:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D0598D0E-0BCA-4711-89DE-53C528D9015B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:backupexec_system_recovery:6.52:*:*:*:*:*:*:*",
"matchCriteriaId": "8BAB9A49-0311-4D33-8F58-F1228CABA8EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:backupexec_system_recovery:6.52a:*:*:*:*:*:*:*",
"matchCriteriaId": "2942EF66-62D1-49F9-A38C-BFEEAD22F62E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:backupexec_system_recovery:6.53:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7F5F20-B428-4754-9274-F16BC01E8957",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:livestate_recovery:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33F3C4CA-B6D1-4B7A-9C98-8CE0A71C86DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:livestate_recovery:6.01:*:*:*:*:*:*:*",
"matchCriteriaId": "5E137FF2-AEC3-48CD-B744-76615B433554",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:livestate_recovery:6.02:*:*:*:*:*:*:*",
"matchCriteriaId": "880D2EE8-DB5C-478A-86F6-1960C1F68E52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_ghost:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA920B14-D3B2-4528-8A6F-C8545FA466AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_ghost:10.0:*:dell:*:*:*:*:*",
"matchCriteriaId": "48289358-FC5D-4CC9-B420-365B1FB842F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_ghost:10.0:*:norton_system_works:*:*:*:*:*",
"matchCriteriaId": "6A43FA5B-E637-41B3-BCD9-A3DF2A372DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_ghost:10.01:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6128F8-5BE1-4A5A-BCEF-D0C9F94E306E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_save_and_recovery:1.01:*:sony_euro:*:*:*:*:*",
"matchCriteriaId": "A059387D-6A4E-4F23-B16F-9C04601A556D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_save_and_recovery:1.01b:*:norton_system_works_2007:*:*:*:*:*",
"matchCriteriaId": "D4EE821D-CCA3-43C7-8044-31F9373AA8FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_save_and_recovery:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8881CCEE-CDC3-4634-AD25-C705FD8BDE9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_save_and_recovery:11.01:*:*:*:*:*:*:*",
"matchCriteriaId": "DD4775B1-3712-429D-9227-824CFAB69FE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_save_and_recovery:11.01b:*:*:*:*:*:*:*",
"matchCriteriaId": "082E74B5-1045-4BCF-93A2-AF0AFF4EAA00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Ghost Service Manager, as used in Symantec Norton Ghost, Norton Save \u0026 Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, allows local users to gain privileges via a long string."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en Ghost Service Manager, tal y como se usa en Symantec Norton Ghost, Norton Save \u0026 Recovery, LiveState Recovery, y BackupExec System Recovery versiones anteriores a 20070426, permite a usuarios locales obtener privilegios mediante una cadena larga."
}
],
"id": "CVE-2007-2359",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-04-30T22:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=519"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25013"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017971"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.04.26.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1552"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=519"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017971"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.04.26.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33931"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-04-30 22:19
Modified
2025-04-09 00:30
Severity ?
Summary
Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore points images are configured, uses weak permissions (world readable) for a configuration file with network share credentials, which allows local users to obtain the credentials by reading the file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | backupexec_system_recovery | 6.5 | |
| symantec | backupexec_system_recovery | 6.52 | |
| symantec | backupexec_system_recovery | 6.52a | |
| symantec | backupexec_system_recovery | 6.53 | |
| symantec | livestate_recovery | 6.0 | |
| symantec | livestate_recovery | 6.01 | |
| symantec | livestate_recovery | 6.02 | |
| symantec | norton_ghost | 10.0 | |
| symantec | norton_ghost | 10.0 | |
| symantec | norton_ghost | 10.0 | |
| symantec | norton_ghost | 10.01 | |
| symantec | norton_save_and_recovery | 1.01 | |
| symantec | norton_save_and_recovery | 1.01b | |
| symantec | norton_save_and_recovery | 11.0 | |
| symantec | norton_save_and_recovery | 11.01 | |
| symantec | norton_save_and_recovery | 11.01b |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:backupexec_system_recovery:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D0598D0E-0BCA-4711-89DE-53C528D9015B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:backupexec_system_recovery:6.52:*:*:*:*:*:*:*",
"matchCriteriaId": "8BAB9A49-0311-4D33-8F58-F1228CABA8EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:backupexec_system_recovery:6.52a:*:*:*:*:*:*:*",
"matchCriteriaId": "2942EF66-62D1-49F9-A38C-BFEEAD22F62E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:backupexec_system_recovery:6.53:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7F5F20-B428-4754-9274-F16BC01E8957",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:livestate_recovery:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33F3C4CA-B6D1-4B7A-9C98-8CE0A71C86DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:livestate_recovery:6.01:*:*:*:*:*:*:*",
"matchCriteriaId": "5E137FF2-AEC3-48CD-B744-76615B433554",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:livestate_recovery:6.02:*:*:*:*:*:*:*",
"matchCriteriaId": "880D2EE8-DB5C-478A-86F6-1960C1F68E52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_ghost:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA920B14-D3B2-4528-8A6F-C8545FA466AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_ghost:10.0:*:dell:*:*:*:*:*",
"matchCriteriaId": "48289358-FC5D-4CC9-B420-365B1FB842F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_ghost:10.0:*:norton_system_works:*:*:*:*:*",
"matchCriteriaId": "6A43FA5B-E637-41B3-BCD9-A3DF2A372DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_ghost:10.01:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6128F8-5BE1-4A5A-BCEF-D0C9F94E306E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_save_and_recovery:1.01:*:sony_euro:*:*:*:*:*",
"matchCriteriaId": "A059387D-6A4E-4F23-B16F-9C04601A556D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_save_and_recovery:1.01b:*:norton_system_works_2007:*:*:*:*:*",
"matchCriteriaId": "D4EE821D-CCA3-43C7-8044-31F9373AA8FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_save_and_recovery:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8881CCEE-CDC3-4634-AD25-C705FD8BDE9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_save_and_recovery:11.01:*:*:*:*:*:*:*",
"matchCriteriaId": "DD4775B1-3712-429D-9227-824CFAB69FE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_save_and_recovery:11.01b:*:*:*:*:*:*:*",
"matchCriteriaId": "082E74B5-1045-4BCF-93A2-AF0AFF4EAA00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec Norton Ghost, Norton Save \u0026 Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore points images are configured, uses weak permissions (world readable) for a configuration file with network share credentials, which allows local users to obtain the credentials by reading the file."
},
{
"lang": "es",
"value": "Symantec Norton Ghost, Norton Save \u0026 Recovery, LiveState Recovery, y BackupExec System Recovery versiones anteriores a 20070426, cuando est\u00e1n configurados copias de respaldo remotas o im\u00e1genes de puntos de restauranci\u00f3n, utiliza permisos d\u00e9biles (leibles por todos) para un fichero de configuraci\u00f3n con credenciales de carpetas compartidas de red, lo cual permite a usuarios locales obtener las credenciales al leer el fichero."
}
],
"id": "CVE-2007-2361",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-04-30T22:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=520"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25013"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017971"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.04.26.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1552"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33929"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=520"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017971"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.04.26.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33929"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2007-2359 (GCVE-0-2007-2359)
Vulnerability from cvelistv5
Published
2007-04-30 22:00
Modified
2024-08-07 13:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in Ghost Service Manager, as used in Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, allows local users to gain privileges via a long string.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:33:28.661Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1017971",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017971"
},
{
"name": "ADV-2007-1552",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1552"
},
{
"name": "symantec-backup-unspecified-bo(33931)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33931"
},
{
"name": "20070426 Symantec Norton Ghost 10 Service Manager Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=519"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.04.26.html"
},
{
"name": "25013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Ghost Service Manager, as used in Symantec Norton Ghost, Norton Save \u0026 Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, allows local users to gain privileges via a long string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1017971",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017971"
},
{
"name": "ADV-2007-1552",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1552"
},
{
"name": "symantec-backup-unspecified-bo(33931)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33931"
},
{
"name": "20070426 Symantec Norton Ghost 10 Service Manager Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=519"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.04.26.html"
},
{
"name": "25013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25013"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Ghost Service Manager, as used in Symantec Norton Ghost, Norton Save \u0026 Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, allows local users to gain privileges via a long string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017971",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017971"
},
{
"name": "ADV-2007-1552",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1552"
},
{
"name": "symantec-backup-unspecified-bo(33931)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33931"
},
{
"name": "20070426 Symantec Norton Ghost 10 Service Manager Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=519"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2007.04.26.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2007.04.26.html"
},
{
"name": "25013",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25013"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2359",
"datePublished": "2007-04-30T22:00:00",
"dateReserved": "2007-04-30T00:00:00",
"dateUpdated": "2024-08-07T13:33:28.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0457 (GCVE-0-2008-0457)
Vulnerability from cvelistv5
Published
2008-02-07 20:00
Modified
2024-08-07 07:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:54.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5078",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5078"
},
{
"name": "28787",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28787"
},
{
"name": "20080206 ZDI-08-003: Symantec Backup Exec Remote File Upload Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487688/100/0/threaded"
},
{
"name": "ADV-2008-0413",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0413"
},
{
"name": "27487",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27487"
},
{
"name": "1019303",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019303"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seer.entsupport.symantec.com/docs/297171.htm"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.02.04.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5078",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5078"
},
{
"name": "28787",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28787"
},
{
"name": "20080206 ZDI-08-003: Symantec Backup Exec Remote File Upload Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487688/100/0/threaded"
},
{
"name": "ADV-2008-0413",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0413"
},
{
"name": "27487",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27487"
},
{
"name": "1019303",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019303"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seer.entsupport.symantec.com/docs/297171.htm"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.02.04.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5078",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5078"
},
{
"name": "28787",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28787"
},
{
"name": "20080206 ZDI-08-003: Symantec Backup Exec Remote File Upload Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487688/100/0/threaded"
},
{
"name": "ADV-2008-0413",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0413"
},
{
"name": "27487",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27487"
},
{
"name": "1019303",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019303"
},
{
"name": "http://seer.entsupport.symantec.com/docs/297171.htm",
"refsource": "CONFIRM",
"url": "http://seer.entsupport.symantec.com/docs/297171.htm"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2008.02.04.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2008.02.04.html"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-003.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0457",
"datePublished": "2008-02-07T20:00:00",
"dateReserved": "2008-01-24T00:00:00",
"dateUpdated": "2024-08-07T07:46:54.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2361 (GCVE-0-2007-2361)
Vulnerability from cvelistv5
Published
2007-04-30 22:00
Modified
2024-08-07 13:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore points images are configured, uses weak permissions (world readable) for a configuration file with network share credentials, which allows local users to obtain the credentials by reading the file.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:33:28.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1017971",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017971"
},
{
"name": "ADV-2007-1552",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1552"
},
{
"name": "20070426 Symantec Norton Ghost 10 Recovery Points Insecure Password Storage Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=520"
},
{
"name": "symantec-backup-information-disclosure(33929)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33929"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.04.26.html"
},
{
"name": "25013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec Norton Ghost, Norton Save \u0026 Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore points images are configured, uses weak permissions (world readable) for a configuration file with network share credentials, which allows local users to obtain the credentials by reading the file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1017971",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017971"
},
{
"name": "ADV-2007-1552",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1552"
},
{
"name": "20070426 Symantec Norton Ghost 10 Recovery Points Insecure Password Storage Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=520"
},
{
"name": "symantec-backup-information-disclosure(33929)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33929"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.04.26.html"
},
{
"name": "25013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25013"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Norton Ghost, Norton Save \u0026 Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore points images are configured, uses weak permissions (world readable) for a configuration file with network share credentials, which allows local users to obtain the credentials by reading the file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017971",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017971"
},
{
"name": "ADV-2007-1552",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1552"
},
{
"name": "20070426 Symantec Norton Ghost 10 Recovery Points Insecure Password Storage Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=520"
},
{
"name": "symantec-backup-information-disclosure(33929)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33929"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2007.04.26.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2007.04.26.html"
},
{
"name": "25013",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25013"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2361",
"datePublished": "2007-04-30T22:00:00",
"dateReserved": "2007-04-30T00:00:00",
"dateUpdated": "2024-08-07T13:33:28.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2512 (GCVE-0-2008-2512)
Vulnerability from cvelistv5
Published
2008-06-02 14:00
Modified
2024-08-07 09:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in Symantec Backup Exec System Recovery Manager 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to read arbitrary files via unspecified vectors.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:05:29.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "recoverymanager-unspecified-dir-traversal(42714)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42714"
},
{
"name": "29350",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29350"
},
{
"name": "30432",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30432"
},
{
"name": "1020128",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020128"
},
{
"name": "ADV-2008-1686",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1686/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.05.28c.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Symantec Backup Exec System Recovery Manager 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "recoverymanager-unspecified-dir-traversal(42714)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42714"
},
{
"name": "29350",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29350"
},
{
"name": "30432",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30432"
},
{
"name": "1020128",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020128"
},
{
"name": "ADV-2008-1686",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1686/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.05.28c.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Symantec Backup Exec System Recovery Manager 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "recoverymanager-unspecified-dir-traversal(42714)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42714"
},
{
"name": "29350",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29350"
},
{
"name": "30432",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30432"
},
{
"name": "1020128",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020128"
},
{
"name": "ADV-2008-1686",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1686/references"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2008.05.28c.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.05.28c.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2512",
"datePublished": "2008-06-02T14:00:00",
"dateReserved": "2008-06-02T00:00:00",
"dateUpdated": "2024-08-07T09:05:29.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4347 (GCVE-0-2007-4347)
Vulnerability from cvelistv5
Published
2007-11-29 23:00
Modified
2024-08-07 14:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple integer overflows in the Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allow remote attackers to cause a denial of service (CPU and memory consumption) via a crafted packet to port 5633/tcp, which triggers an infinite loop.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "backupexec-bengine-dos(38677)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38677"
},
{
"name": "26975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26975"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.11.27.html"
},
{
"name": "20071128 Secunia Research: Symantec Backup Exec Job Engine Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/484318/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2007-74/advisory/"
},
{
"name": "26029",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26029"
},
{
"name": "20071128 SYM07-029 Symantec BEWS Multiple DoS in Job Engine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/484333/100/0/threaded"
},
{
"name": "ADV-2007-4019",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4019"
},
{
"name": "1019001",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in the Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allow remote attackers to cause a denial of service (CPU and memory consumption) via a crafted packet to port 5633/tcp, which triggers an infinite loop."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "backupexec-bengine-dos(38677)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38677"
},
{
"name": "26975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26975"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.11.27.html"
},
{
"name": "20071128 Secunia Research: Symantec Backup Exec Job Engine Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/484318/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2007-74/advisory/"
},
{
"name": "26029",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26029"
},
{
"name": "20071128 SYM07-029 Symantec BEWS Multiple DoS in Job Engine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/484333/100/0/threaded"
},
{
"name": "ADV-2007-4019",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4019"
},
{
"name": "1019001",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019001"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2007-4347",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in the Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allow remote attackers to cause a denial of service (CPU and memory consumption) via a crafted packet to port 5633/tcp, which triggers an infinite loop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "backupexec-bengine-dos(38677)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38677"
},
{
"name": "26975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26975"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2007.11.27.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.11.27.html"
},
{
"name": "20071128 Secunia Research: Symantec Backup Exec Job Engine Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484318/100/0/threaded"
},
{
"name": "http://secunia.com/secunia_research/2007-74/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2007-74/advisory/"
},
{
"name": "26029",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26029"
},
{
"name": "20071128 SYM07-029 Symantec BEWS Multiple DoS in Job Engine",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484333/100/0/threaded"
},
{
"name": "ADV-2007-4019",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4019"
},
{
"name": "1019001",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019001"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2007-4347",
"datePublished": "2007-11-29T23:00:00",
"dateReserved": "2007-08-14T00:00:00",
"dateUpdated": "2024-08-07T14:53:55.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2360 (GCVE-0-2007-2360)
Vulnerability from cvelistv5
Published
2007-04-30 22:00
Modified
2024-08-07 13:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share credentials with a key formed by a hash of the username, which allows local users to obtain the credentials by calculating the key.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:33:28.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1017971",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017971"
},
{
"name": "ADV-2007-1552",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1552"
},
{
"name": "20070426 Symantec Norton Ghost 10 Recovery Points Insecure Password Storage Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=520"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.04.26.html"
},
{
"name": "25013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec Norton Ghost, Norton Save \u0026 Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share credentials with a key formed by a hash of the username, which allows local users to obtain the credentials by calculating the key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-05-04T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1017971",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017971"
},
{
"name": "ADV-2007-1552",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1552"
},
{
"name": "20070426 Symantec Norton Ghost 10 Recovery Points Insecure Password Storage Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=520"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.04.26.html"
},
{
"name": "25013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25013"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Norton Ghost, Norton Save \u0026 Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share credentials with a key formed by a hash of the username, which allows local users to obtain the credentials by calculating the key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017971",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017971"
},
{
"name": "ADV-2007-1552",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1552"
},
{
"name": "20070426 Symantec Norton Ghost 10 Recovery Points Insecure Password Storage Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=520"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2007.04.26.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2007.04.26.html"
},
{
"name": "25013",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25013"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2360",
"datePublished": "2007-04-30T22:00:00",
"dateReserved": "2007-04-30T00:00:00",
"dateUpdated": "2024-08-07T13:33:28.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0305 (GCVE-0-2012-0305)
Vulnerability from cvelistv5
Published
2012-07-23 17:00
Modified
2024-08-06 18:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Untrusted search path vulnerability in Symantec System Recovery 2011 before SP2 and Backup Exec System Recovery 2010 before SP5 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:30.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120720_01"
},
{
"name": "54594",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/54594"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-07-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Symantec System Recovery 2011 before SP2 and Backup Exec System Recovery 2010 before SP5 allows local users to gain privileges via a Trojan horse DLL in the current working directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120720_01"
},
{
"name": "54594",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/54594"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Symantec System Recovery 2011 before SP2 and Backup Exec System Recovery 2010 before SP5 allows local users to gain privileges via a Trojan horse DLL in the current working directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120720_01",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120720_01"
},
{
"name": "54594",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54594"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0305",
"datePublished": "2012-07-23T17:00:00",
"dateReserved": "2012-01-04T00:00:00",
"dateUpdated": "2024-08-06T18:23:30.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4346 (GCVE-0-2007-4346)
Vulnerability from cvelistv5
Published
2007-11-29 23:00
Modified
2024-08-07 14:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allows remote attackers to cause a denial of service (NULL dereference and service crash) via a crafted packet to port 5633/tcp.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26975"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.11.27.html"
},
{
"name": "20071128 Secunia Research: Symantec Backup Exec Job Engine Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/484318/100/0/threaded"
},
{
"name": "backupexec-bengine-null-dos(38676)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38676"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2007-74/advisory/"
},
{
"name": "1019001",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019001"
},
{
"name": "26028",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26028"
},
{
"name": "20071128 SYM07-029 Symantec BEWS Multiple DoS in Job Engine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/484333/100/0/threaded"
},
{
"name": "ADV-2007-4019",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allows remote attackers to cause a denial of service (NULL dereference and service crash) via a crafted packet to port 5633/tcp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "26975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26975"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.11.27.html"
},
{
"name": "20071128 Secunia Research: Symantec Backup Exec Job Engine Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/484318/100/0/threaded"
},
{
"name": "backupexec-bengine-null-dos(38676)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38676"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2007-74/advisory/"
},
{
"name": "1019001",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019001"
},
{
"name": "26028",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26028"
},
{
"name": "20071128 SYM07-029 Symantec BEWS Multiple DoS in Job Engine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/484333/100/0/threaded"
},
{
"name": "ADV-2007-4019",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4019"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2007-4346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allows remote attackers to cause a denial of service (NULL dereference and service crash) via a crafted packet to port 5633/tcp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26975"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2007.11.27.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.11.27.html"
},
{
"name": "20071128 Secunia Research: Symantec Backup Exec Job Engine Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484318/100/0/threaded"
},
{
"name": "backupexec-bengine-null-dos(38676)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38676"
},
{
"name": "http://secunia.com/secunia_research/2007-74/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2007-74/advisory/"
},
{
"name": "1019001",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019001"
},
{
"name": "26028",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26028"
},
{
"name": "20071128 SYM07-029 Symantec BEWS Multiple DoS in Job Engine",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484333/100/0/threaded"
},
{
"name": "ADV-2007-4019",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4019"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2007-4346",
"datePublished": "2007-11-29T23:00:00",
"dateReserved": "2007-08-14T00:00:00",
"dateUpdated": "2024-08-07T14:53:55.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}