Symantec Ghost Solutions Suite Backup File Memory Corruption Vulnerability

Summary

Symantec Ghost Solutions Suite is prone to a remote memory-corruption vulnerability.

Credit:

The information has been provided by Jeremy Brown.
The original article can be found at: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121010_00


Details

Vulnerable Systems:
 * Symantec Ghost Solutions Suite (SGSS) 2.1 and prior

The issue arises when the application handles specially crafted files. Successful exploits may allow the attacker to execute arbitrary code in the context of application. Failed exploit attempts will likely result in denial-of-service conditions.

A vulnerability has been reported in Symantec Ghost Solution Suite, which can be exploited by malicious users to potentially compromise a vulnerable system. The vulnerability is caused due to an unspecified error when parsing backup files and can be exploited to corrupt memory via a specially crafted backup file placed in the appropriate path on the system. Successful exploitation may allow execution of arbitrary code

Patch Availability:
http://www.symantec.com/docs/TECH197839

CVE Information:
CVE-2012-0306

Disclosure Timeline:
Published: Oct 10 2012 12:00AM
Updated: Oct 11 2012 07:00AM

Categories: News