CVE-2007-2360 (GCVE-0-2007-2360)
Vulnerability from cvelistv5
Published
2007-04-30 22:00
Modified
2024-08-07 13:33
Severity ?
CWE
  • n/a
Summary
Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share credentials with a key formed by a hash of the username, which allows local users to obtain the credentials by calculating the key.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:33:28.557Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1017971",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017971"
          },
          {
            "name": "ADV-2007-1552",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1552"
          },
          {
            "name": "20070426 Symantec Norton Ghost 10 Recovery Points Insecure Password Storage Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=520"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.symantec.com/avcenter/security/Content/2007.04.26.html"
          },
          {
            "name": "25013",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25013"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Symantec Norton Ghost, Norton Save \u0026 Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share credentials with a key formed by a hash of the username, which allows local users to obtain the credentials by calculating the key."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-05-04T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1017971",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017971"
        },
        {
          "name": "ADV-2007-1552",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1552"
        },
        {
          "name": "20070426 Symantec Norton Ghost 10 Recovery Points Insecure Password Storage Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=520"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.symantec.com/avcenter/security/Content/2007.04.26.html"
        },
        {
          "name": "25013",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25013"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2360",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Symantec Norton Ghost, Norton Save \u0026 Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share credentials with a key formed by a hash of the username, which allows local users to obtain the credentials by calculating the key."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1017971",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017971"
            },
            {
              "name": "ADV-2007-1552",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1552"
            },
            {
              "name": "20070426 Symantec Norton Ghost 10 Recovery Points Insecure Password Storage Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=520"
            },
            {
              "name": "http://www.symantec.com/avcenter/security/Content/2007.04.26.html",
              "refsource": "CONFIRM",
              "url": "http://www.symantec.com/avcenter/security/Content/2007.04.26.html"
            },
            {
              "name": "25013",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25013"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2360",
    "datePublished": "2007-04-30T22:00:00",
    "dateReserved": "2007-04-30T00:00:00",
    "dateUpdated": "2024-08-07T13:33:28.557Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-2360\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-04-30T22:19:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Symantec Norton Ghost, Norton Save \u0026 Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share credentials with a key formed by a hash of the username, which allows local users to obtain the credentials by calculating the key.\"},{\"lang\":\"es\",\"value\":\"Symantec Norton Ghost, Norton Save \u0026 Recovery, LiveState Recovery, y BackupExec System Recovery anterior a 20070426, cuando est\u00e1n los backups remotos de las im\u00e1genes del punto de restauraci\u00f3n configurados, cifra las credenciales de la parte de la red con una llave formada por un hash del username, que permite que los usuarios locales obtengan las credenciales calculando la llave.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":6.8,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.1,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:backupexec_system_recovery:6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0598D0E-0BCA-4711-89DE-53C528D9015B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:backupexec_system_recovery:6.52:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BAB9A49-0311-4D33-8F58-F1228CABA8EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:backupexec_system_recovery:6.52a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2942EF66-62D1-49F9-A38C-BFEEAD22F62E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:backupexec_system_recovery:6.53:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC7F5F20-B428-4754-9274-F16BC01E8957\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:livestate_recovery:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33F3C4CA-B6D1-4B7A-9C98-8CE0A71C86DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:livestate_recovery:6.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E137FF2-AEC3-48CD-B744-76615B433554\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:livestate_recovery:6.02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"880D2EE8-DB5C-478A-86F6-1960C1F68E52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_ghost:10.0:*:dell:*:*:*:*:*\",\"matchCriteriaId\":\"48289358-FC5D-4CC9-B420-365B1FB842F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_ghost:10.0:*:norton_system_works:*:*:*:*:*\",\"matchCriteriaId\":\"6A43FA5B-E637-41B3-BCD9-A3DF2A372DE9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_ghost:10.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F6128F8-5BE1-4A5A-BCEF-D0C9F94E306E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_save_and_recovery:1.01:*:sony_euro:*:*:*:*:*\",\"matchCriteriaId\":\"A059387D-6A4E-4F23-B16F-9C04601A556D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_save_and_recovery:1.01b:*:norton_system_works_2007:*:*:*:*:*\",\"matchCriteriaId\":\"D4EE821D-CCA3-43C7-8044-31F9373AA8FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_save_and_recovery:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8881CCEE-CDC3-4634-AD25-C705FD8BDE9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_save_and_recovery:11.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD4775B1-3712-429D-9227-824CFAB69FE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_save_and_recovery:11.01b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"082E74B5-1045-4BCF-93A2-AF0AFF4EAA00\"}]}]}],\"references\":[{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=520\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25013\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1017971\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.symantec.com/avcenter/security/Content/2007.04.26.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1552\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=520\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/25013\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1017971\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.symantec.com/avcenter/security/Content/2007.04.26.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1552\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorImpact\":\"\\\"In order for this exploit to have an impact, administrators would either have to configure client machines to save restore points images to a private share, or the vulnerable machine would have to be shared by several users who each saved their restore points images to private shares.\\\"\"}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.