CVE-2008-0640

Published: Feb 8, 2008Modified: Apr 23, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing.

Affected (3)

Products: Symantec: Ghost Solutions Suite

1 product

Ghost Solutions Suite

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Symantec Ghost Solutions Suite	Version 1.1
Symantec Ghost Solutions Suite	Version 2.0.0
Symantec Ghost Solutions Suite	Version 2.0.1

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (10)

http://secunia.com/advisories/28853

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/27644

Source: cve@mitre.org

http://www.securitytracker.com/id?1019356

Source: cve@mitre.org

http://www.symantec.com/avcenter/security/Content/2008.02.07.html

Source: cve@mitre.org

Patch

http://www.vupen.com/english/advisories/2008/0474

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/28853

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/27644

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1019356

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.symantec.com/avcenter/security/Content/2008.02.07.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.vupen.com/english/advisories/2008/0474

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.