PT-2008-2264 · Symantec · Symantec Ghost Solution Suite
Published: 2008-02-08 · Updated: 2011-07-25
CVE-2008-0640
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Symantec Ghost Solution Suite versions 1.1 through 1.1 patch 1
Symantec Ghost Solution Suite version 2.0.0
Symantec Ghost Solution Suite version 2.0.1
Description
Connections between the console and the Ghost Management Agent are not authenticated. This allows remote attackers to execute arbitrary commands via unspecified RPC requests, potentially in conjunction with ARP spoofing.
Recommendations
For Symantec Ghost Solution Suite versions 1.1 through 1.1 patch 1, apply patch 2 to resolve the issue.
For Symantec Ghost Solution Suite versions 2.0.0 and 2.0.1, update to a version that includes the necessary authentication for connections between the console and the Ghost Management Agent.
As a temporary workaround, consider restricting access to the RPC requests to minimize the risk of exploitation.
Weakness Enumeration
Improper Authentication
Affected Products
Symantec Ghost Solution Suite