BackupExec System Recovery CVE-2007-2361 Local Security Vulnerability

BackupExec System Recovery CVE-2007-2361 Local Security Vulnerability

BackupExec System Recovery is prone to a local security vulnerability. Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore points images are configured, uses weak permissions (world readable) for a configuration file with network share credentials, which allows local users to obtain the credentials by reading the file.