Symantec Ghost 2.0/2.0.0/2.0.1/2.5 Backup Drive Structure Size memory corruption
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 8.3 | $0-$5k | 0.00 |
Summary
A vulnerability has been found in Symantec Ghost 2.0/2.0.0/2.0.1/2.5 and classified as problematic. It affects unknown functionality of the Backup Handler component. Manipulating the Drive Structure Size argument in a GHO file causes memory corruption. The vulnerability is tracked as CVE-2012-0306. No exploit exists. Deploying a patch is recommended to fix the issue.
Details
A vulnerability was found in Symantec Ghost 2.0/2.0.0/2.0.1/2.5. It has been declared as critical. It affects an unknown part of the Backup Handler component. Manipulating the Drive Structure Size argument in a GHO file leads to memory corruption. The vulnerability is classified as CWE-119: the product performs operations on a memory buffer, but it can read from or write to a memory location outside the intended boundary of the buffer. The impact affects confidentiality, integrity, and availability. The summary by CVE is:
Symantec Ghost Solution Suite 2.x through 2.5.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted backup file.
The weakness was disclosed on 10/10/2012 by Jeremy Brown with Microsoft Vulnerability Research as confirmed advisory SYM12-016 (Website). The advisory is available at symantec.com. The public release was coordinated with Symantec. The vulnerability has been known as CVE-2012-0306 since 01/04/2012. Exploitation appears to be difficult. The attack must be carried out within the local network and requires no authentication. Technical details of the vulnerability are known, but no exploit is available. If the drive structure size is corrupted and incorrectly reported as very large, Ghost Explorer tries to allocate too much memory and crashes.
The vulnerability scanner Nessus provides a plugin with the ID 62716 (Symantec Ghost Solution Suite Backup File Handling Memory Corruption (SYM12-016)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows. The commercial vulnerability scanner Qualys is able to test this issue with plugin 120741 (Symantec Ghost Solution Suite Memory Corruption (SYM12-016)).
Applying the patch GSS25x_b2620 eliminates this problem. The bugfix is available for download at symantec.com. A possible mitigation was published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (79194), Tenable (62716), SecurityFocus (BID 55748), OSVDB (86151) and Secunia (SA50953). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Website
- Vendor: https://www.symantec.com/
CVSSv3
VulDB Meta Base Score: 9.6
VulDB Meta Temp Score: 8.3
VulDB Base Score: 9.6
VulDB Temp Score: 8.3
Exploiting
Class: Memory corruption
CWE: CWE-119
Physical: No
Local: No
Remote: Yes
Status: Unproven
Nessus ID: 62716
Nessus Name: Symantec Ghost Solution Suite Backup File Handling Memory Corruption (SYM12-016)
Countermeasures
Recommended: Patch
Patch: GSS25x_b2620
Sources
Vendor: symantec.com
Advisory: SYM12-016
Researcher: Jeremy Brown
Organization: Microsoft Vulnerability Research
Status: Confirmed
CVE: CVE-2012-0306
GCVE (CVE): GCVE-0-2012-0306
GCVE (VulDB): GCVE-100-6667
X-Force: 79194 - Symantec Ghost Solution Suite backup files code execution, High Risk
SecurityFocus: 55748 - Symantec Ghost Solutions Suite Backup File Memory Corruption Vulnerability
Secunia: 50953 - Symantec Ghost Solution Suite Backup File Parsing Memory Corruption, Less Critical
OSVDB: 86151
SecurityTracker: 1027648 - Symantec Ghost Solution Suite Backup File Processing Flaw Lets Remote Users Execute Arbitrary Code
Vulnerability Center: 37871 - Ghost Solution Suite 2.0-2.5.1 Remote Arbitrary Code Execution or Denial of Service, Medium
Entry
Created: 10/13/2012 21:46
Updated: 01/04/2025 22:38
Changes: 10/13/2012 21:46 (85), 04/23/2017 13:52 (5), 04/18/2021 09:47 (3), 01/04/2025 22:38 (16)