Description
Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share credentials with a key formed by a hash of the username, which allows local users to obtain the credentials by calculating the key.
Affected products
- Symantec / backupexec_system_recovery 6.5 – 6.5
- Symantec / backupexec_system_recovery 6.52 – 6.52
- Symantec / backupexec_system_recovery 6.52a – 6.52a
- Symantec / backupexec_system_recovery 6.53 – 6.53
- Symantec / livestate_recovery 6.0 – 6.0
- Symantec / livestate_recovery 6.01 – 6.01
- Symantec / livestate_recovery 6.02 – 6.02
- Symantec / norton_ghost 10.0 – 10.0
- Symantec / norton_ghost 10.01 – 10.01
- Symantec / norton_save_and_recovery 1.01 – 1.01
- Symantec / norton_save_and_recovery 1.01b – 1.01b
- Symantec / norton_save_and_recovery 11.0 – 11.0
- Symantec / norton_save_and_recovery 11.01 – 11.01
- Symantec / norton_save_and_recovery 11.01b – 11.01b
References
- MISC: http://www.securitytracker.com/id?1017971
- VENDOR_ADVISORY: http://www.vupen.com/english/advisories/2007/1552
- MISC: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=520
- MISC: http://www.symantec.com/avcenter/security/Content/2007.04.26.html
- VENDOR_ADVISORY: http://secunia.com/advisories/25013