CVE-2008-0640
Symantec Ghost Solution Suite 1.1-2.0.1 - Unauthenticated Remote Command Execution via RPC Requests
Title source: llmDescription
Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing.
References (5)
Core 5
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28853
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0474
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1019356
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/27644
Patch x_refsource_confirm
http://www.symantec.com/avcenter/security/Content/2008.02.07.html
Scores
EPSS
0.0350
EPSS Percentile
87.8%
Details
CWE
CWE-287
Status
published
Products (3)
symantec/ghost_solutions_suite
1.1
symantec/ghost_solutions_suite
2.0.0
symantec/ghost_solutions_suite
2.0.1
Published
Feb 08, 2008
Tracked Since
Feb 18, 2026