CVE-2007-2361

Name of the Vulnerable Software and Affected Versions Symantec Norton Ghost versions prior to 20070426 Symantec Norton Save & Recovery versions prior to 20070426 Symantec LiveState Recovery versions prior to 20070426 Symantec BackupExec System Recovery versions prior to 20070426

Description The issue concerns the use of weak permissions for a configuration file that stores network share credentials. When remote backups of restore points images are configured, this file becomes world-readable, allowing local users to obtain the credentials by simply reading the file. This could potentially lead to unauthorized access to sensitive data.

Recommendations For Symantec Norton Ghost versions prior to 20070426, update to a version released after 20070426 to ensure the configuration file is properly secured. For Symantec Norton Save & Recovery versions prior to 20070426, update to a version released after 20070426 to ensure the configuration file is properly secured. For Symantec LiveState Recovery versions prior to 20070426, update to a version released after 20070426 to ensure the configuration file is properly secured. For Symantec BackupExec System Recovery versions prior to 20070426, update to a version released after 20070426 to ensure the configuration file is properly secured.