UDP packets cause Symantec's Ghost Solution to crash
Symantec has released an update for its Ghost Solution Suite that should eliminate three vulnerabilities that cause the service to crash, both on the Ghost backup server and on the server modules of clients on the LAN. Ghost is a disk imaging solution for businesses that backs up and restores the contents of Windows client hard disks over the network.
According to iDefense, merely sending a crafted UDP packet to the service, which listens on ports 1346 and 1347, is sufficient to cause a memory violation in a network library and thereby crash the service. Authentication is not required. The report states that, by using multicast, a single packet can crash the Ghost service on all the computers of a LAN. Unfortunately, the service does not restart under Windows after such an error.
Symantec Ghost Solution Suite 2.0.0 and previous versions are affected. A patch for 2.0.0 is already being distributed automatically via LiveUpdate. Users of version 1.1 have to download a patch manually in the appropriate language. Further instructions can be found in the error report from Symantec.
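Until the patch is installed, traffic to the two ports named above can be reviewed for senders that have no business talking to the Ghost service. The following is an added example, not code from Symantec or iDefense: it checks flow records for UDP traffic to ports 1346 and 1347 from hosts outside an allowlist and marks multicast or broadcast destinations as LAN-wide. The record format, the addresses, the allowlist and the subnet are assumptions constructed for illustration.

```python
import ipaddress

GHOST_UDP_PORTS = {1346, 1347}                      # ports named in the article
# Assumptions (constructed values): approved Ghost server and local subnet.
ALLOWED_SOURCES = {ipaddress.ip_address("10.0.0.5")}
LOCAL_NET = ipaddress.ip_network("10.0.0.0/24")

# Constructed flow records: "proto src_ip src_port dst_ip dst_port"
SAMPLE_FLOWS = """\
udp 10.0.0.5 40112 10.0.0.21 1346
udp 10.0.0.77 51234 10.0.0.21 1347
udp 10.0.0.77 51235 224.0.1.50 1346
tcp 10.0.0.77 51236 10.0.0.21 1346
udp 10.0.0.5 40113 10.0.0.255 1347
udp 10.0.0.9 5353 224.0.0.251 5353
"""

def review_flow(line):
    """Return None (nothing to report), 'single-host', 'lan-wide' or 'malformed'."""
    fields = line.split()
    if len(fields) != 5:
        return "malformed"
    proto, src, _sport, dst, dport = fields
    try:
        src_ip = ipaddress.ip_address(src)
        dst_ip = ipaddress.ip_address(dst)
        port = int(dport)
    except ValueError:
        return "malformed"
    # Only UDP to the Ghost ports is relevant to this advisory.
    if proto.lower() != "udp" or port not in GHOST_UDP_PORTS:
        return None
    # Traffic from the approved server (including its multicast) is expected.
    if src_ip in ALLOWED_SOURCES:
        return None
    # One packet to a group or broadcast address reaches every listener.
    if dst_ip.is_multicast or dst_ip == LOCAL_NET.broadcast_address:
        return "lan-wide"
    return "single-host"

def review_flows(text):
    """Return (line_number, scope) for every record worth a look."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        scope = review_flow(line) if line.strip() else None
        if scope is not None:
            findings.append((number, scope))
    return findings

if __name__ == "__main__":
    for number, scope in review_flows(SAMPLE_FLOWS):
        print(f"record {number}: unexpected sender to Ghost port ({scope})")
```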
- Multiple Symantec Ghost Solution Suite Vulnerabilities, error report from Symantec
- Symantec Ghost Multiple Denial of Service Vulnerabilities, error report from iDefense