TITLE:
Symantec Ghost Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA19171

VERIFY ADVISORY:
https://secunia.com/advisories/19171/

CRITICAL:
Less critical

IMPACT:
Manipulation of data, Exposure of sensitive information, Privilege
escalation

WHERE:
Local system

SOFTWARE:
Symantec Ghost 8.x
https://secunia.com/product/6937/
Symantec Ghost Solution Suite 1.x
https://secunia.com/product/8600/

DESCRIPTION:
Three vulnerabilities have been reported in Symantec Ghost, which can
be exploited by malicious, local users to gain knowledge of
potentially sensitive information, modify certain data, and
potentially gain escalated privileges.

1) Default administrator login id and password left behind during
installation can be used by local users to modify or delete stored
administrative tasks. This can be exploited to modify tasks to run
arbitrary code on the local system.

2) Insecure permissions in the shared memory sections within the
Sybase SQLAnywhere database used by Symantec Ghost can potentially be
exploited to gain access to, and to modify information stored in the
database.

3) A boundary error in the login dialog box of dbisqlc.exe which is
installed as a part of the SQLAnywhere package, can cause a buffer
overflow. This can potentially be exploited to gain access to
information stored in the database that is not normally accessible.

The vulnerabilities have been reported in the following versions:
* Symantec Ghost 8.0.
* Symantec Ghost 8.2 (shipped as a part of Symantec Ghost Solutions
Suite 1.0).

SOLUTION:
Update to Symantec Ghost 8.3 that is shipped as a part of Symantec
Ghost Solutions Suite 1.1.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Ollie Whitehouse, Symantec.

ORIGINAL ADVISORY:
https://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
https://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
https://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------