Symantec had to patch a bunch of problems with its Ghost Solution Suite to fend off possible denial of service exploits.
Vulnerabilities with Symantec Ghost could have permitted the remote exploitation of multiple denial of service conditions, crashing the Ghost server.
iDefense Labs said Symantec has provided a software update to correct the problem. The problems were first discovered in December 2006, and have just been disclosed with the release of the update.
The iDefense Labs report said Ghost's daemons could pick up a malformed request and trigger a crash:
These vulnerabilities affect both the client and server daemons due to what looks like a shared communications library. The daemons listen on UDP ports 1346, and 1347 respectively.
By sending a malformed UDP-based request to either service, an attacker can cause the service to crash due to an invalid memory reference.
Versions 2.0.0 and earlier of Ghost were subject to this attack, Symantec said in its advisory.
iEntry 10th Anniversary
RSS
Archive
