In association with heise online

13 February 2008, 09:27

Symantec patches Ghost Solution Suite

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Symantec has released an update for its Ghost Solution Suite, which fixes a vulnerability in the way the Ghost console communicates with the Ghost Management Agent. The report admits that the Suite does not authenticate network connections, thus giving a potential attacker access to all clients and the ability to execute commands on the clients with System privileges. However, to exploit the weakness, the attacker would have to have previously initiated an ARP spoofing attack to impersonate the Symantec Ghost Solution Suite server.

The vulnerability affects Versions 1.1, 2.0.0 and 2.0.1. The update for Version 1.1 may be downloaded here: Symantec Ghost Solution Suite 1.1: Server Authentication Vulnerability. Versions 2.x will receive the update via LiveUpdate.

The Ghost Solution Suite is designed to deploy software under Windows and supports imaging.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit