Symantec Backup Exec System Recovery Manager Directory Traversal Bug Lets Remote Users Gain Access to the Target System

SecurityTracker Alert ID: 1020128
SecurityTracker URL: http://securitytracker.com/id/1020128
CVE Reference: CVE-2008-2512
Updated: Jun 3 2008
Original Entry Date: May 28 2008
Impact: Disclosure of system information, Disclosure of user information, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 7.0.x prior to 7.0.4, 8.0.x prior to 8.0.2

Description:
A vulnerability was reported in Symantec Backup Exec System Recovery Manager. A remote user can view files on the target system and gain access to the target system.
A remote user can supply a specially crafted request to view arbitrary files on the target system.
This can be exploited to gain access to the target system.
Nicolas Pouvesle of Tenable Security reported the vulnerability.

Impact:
A remote user can view files on the target system.
A remote user can gain access to the target system.

Solution:
The vendor has issued fixed versions (7.0.4, 8.0.2).
The vendor's advisory is available at:
http://securityresponse.symantec.com/avcenter/security/Content/2008.05.28c.html

Vendor URL: securityresponse.symantec.com/avcenter/security/Content/2008.05.28c.html

Cause: Input validation error

Underlying OS: Windows (Any)

Message History: None.

Source Message Contents

Date: Wed, 28 May 2008 15:17:02 -0400
Subject: Symantec Backup Exec System Recovery Manager - Directory Traversal Vulnerability

http://securityresponse.symantec.com/avcenter/security/Content/2008.05.28c.html