CVE-2007-2361

Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore points images are configured, uses weak permissions (world readable) for a configuration file with network share credentials, which allows local users to obtain the credentials by reading the file.

Published: May 1, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-2361
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.9
AV:L/AC:L/Au:N/C:C/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
symantec / norton_ghost	10.0	10.0.x
symantec / norton_save_and_recovery	11.01	11.01.x
symantec / norton_ghost	10.01	10.01.x
symantec / norton_save_and_recovery	11.0	11.0.x
symantec / backupexec_system_recovery	6.53	6.53.x
symantec / norton_save_and_recovery	1.01	1.01.x
symantec / livestate_recovery	6.01	6.01.x
symantec / backupexec_system_recovery	6.52a	6.52a.x
symantec / backupexec_system_recovery	6.5	6.5.x
symantec / livestate_recovery	6.0	6.0.x
symantec / backupexec_system_recovery	6.52	6.52.x
symantec / norton_save_and_recovery	1.01b	1.01b.x
symantec / norton_save_and_recovery	11.01b	11.01b.x
symantec / livestate_recovery	6.02	6.02.x

Vulnerability Database

290,206

CVE-2007-2361