NVD Vulnerability Detail

CVE-2007-2359

Summary	Buffer overflow in Ghost Service Manager, as used in Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, allows local users to gain privileges via a long string.
Publication Date	May 1, 2007, 7:19 a.m.
Registration Date	Jan. 29, 2021, 2:11 p.m.
Last Update	July 29, 2017, 10:31 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:symantec:backupexec_system_recovery:6.5:::::::*
cpe:2.3:a:symantec:backupexec_system_recovery:6.52:::::::*
cpe:2.3:a:symantec:backupexec_system_recovery:6.52a:::::::*
cpe:2.3:a:symantec:backupexec_system_recovery:6.53:::::::*
cpe:2.3:a:symantec:livestate_recovery:6.0:::::::*
cpe:2.3:a:symantec:livestate_recovery:6.01:::::::*
cpe:2.3:a:symantec:livestate_recovery:6.02:::::::*
cpe:2.3:a:symantec:norton_ghost:10.0:::::::*
cpe:2.3:a:symantec:norton_ghost:10.0::dell:::::
cpe:2.3:a:symantec:norton_ghost:10.0::norton_system_works:::::
cpe:2.3:a:symantec:norton_ghost:10.01:::::::*
cpe:2.3:a:symantec:norton_save_and_recovery:1.01::sony_euro:::::
cpe:2.3:a:symantec:norton_save_and_recovery:1.01b::norton_system_works_2007:::::
cpe:2.3:a:symantec:norton_save_and_recovery:11.0:::::::*
cpe:2.3:a:symantec:norton_save_and_recovery:11.01:::::::*
cpe:2.3:a:symantec:norton_save_and_recovery:11.01b:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=519	IDEFENSE	Vendor Advisory
2	http://secunia.com/advisories/25013	SECUNIA
3	http://www.securitytracker.com/id?1017971	SECTRACK
4	http://www.symantec.com/avcenter/security/Content/2007.04.26.html	CONFIRM	Vendor Advisory
5	http://www.vupen.com/english/advisories/2007/1552	VUPEN
6	https://exchange.xforce.ibmcloud.com/vulnerabilities/33931	XF

Common Vulnerabilities List

JVN Vulnerability Information

Symantec Norton Ghost などの製品で使用される Ghost Service Manager におけるバッファオーバーフローの脆弱性

Title	Symantec Norton Ghost などの製品で使用される Ghost Service Manager におけるバッファオーバーフローの脆弱性
Summary	Symantec Norton Ghost、Norton Save & Recovery、LiveState Recovery、および BackupExec System Recovery で使用される Ghost Service Manager には、バッファオーバーフローの脆弱性が存在します。
Possible impacts	ローカルユーザにより、過度に長い文字列を介して、権限を取得される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	April 26, 2007, midnight
Registration Date	Dec. 20, 2012, 6:19 p.m.
Last Update	Dec. 20, 2012, 6:19 p.m.

Affected System

シマンテック

livestate recovery

Norton Ghost

norton save and recovery

Symantec Backup Exec System Recovery 20070426 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-2359	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2359
National Vulnerability Database (NVD)
2	CVE-2007-2359	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2359

ベンダー情報

No	Name	URL
Symantec Corporation
1	SYM07-004	http://www.symantec.com/avcenter/security/Content/2007.04.26.html

Change Log

No	Changed Details	Date of change
0	[2012年12月20日] 掲載	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:symantec:backupexec_system_recovery:6.5:::::::*
cpe:2.3:a:symantec:backupexec_system_recovery:6.52:::::::*
cpe:2.3:a:symantec:backupexec_system_recovery:6.52a:::::::*
cpe:2.3:a:symantec:backupexec_system_recovery:6.53:::::::*
cpe:2.3:a:symantec:livestate_recovery:6.0:::::::*
cpe:2.3:a:symantec:livestate_recovery:6.01:::::::*
cpe:2.3:a:symantec:livestate_recovery:6.02:::::::*
cpe:2.3:a:symantec:norton_ghost:10.0:::::::*
cpe:2.3:a:symantec:norton_ghost:10.0::dell:::::
cpe:2.3:a:symantec:norton_ghost:10.0::norton_system_works:::::
cpe:2.3:a:symantec:norton_ghost:10.01:::::::*
cpe:2.3:a:symantec:norton_save_and_recovery:1.01::sony_euro:::::
cpe:2.3:a:symantec:norton_save_and_recovery:1.01b::norton_system_works_2007:::::
cpe:2.3:a:symantec:norton_save_and_recovery:11.0:::::::*
cpe:2.3:a:symantec:norton_save_and_recovery:11.01:::::::*
cpe:2.3:a:symantec:norton_save_and_recovery:11.01b:::::::*