Symantec Ghost SQLAnywhere Local Administrative Authentication Credentials Disclosure Vulnerability

Symantec Ghost SQLAnywhere Local Administrative Authentication Credentials Disclosure Vulnerability

Symantec Ghost is prone to a vulnerability that may allow a local attacker to gain elevated privileges.

The vulnerability presents itself in the Symantec SQLAnywhere database installed with Symantec Ghost and the Central Management Console in Symantec Ghost Solutions Suite (SGSS).

A successful attack can allow an attacker to obtain the authentication credentials and carry out various attacks such as modifying and deleting administrative tasks against a vulnerable computer. This issue can also allow attackers to execute arbitrary to gain elevated privileges on an affected computer.

All builds of Symantec Ghost 8.0 (EOL / EOS 11/15/2005) and Ghost 8.2 (shipped as a part of SGSS 1.0) are vulnerable to this issue.