CVE-2008-0640

Symantec Ghost Solutions Suite - Authentication Bypass

Title source: rule

Description

Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing.

References (5)

[Vendor Advisory] http://secunia.com/advisories/28853

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1019356

[Patch] http://www.symantec.com/avcenter/security/Content/2008.02.07.html

[Vendor Advisory] http://www.vupen.com/english/advisories/2008/0474

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/27644

Scores

EPSS 0.0350

EPSS Percentile 87.5%

Classification

CWE

CWE-287

Status draft

Affected Products (3)

symantec/ghost_solutions_suite

Timeline

Published Feb 08, 2008

Tracked Since Feb 18, 2026