In association with heise online

07 June 2007, 11:02

UDP packets cause Symantec's Ghost Solution to crash

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Symantec provides an update for its Ghost Solution Suite that should eliminate three vulnerabilities which cause the service to crash, both on the Ghost backup server and on the server modules of clients on the LAN. Ghost is a disk imaging solution for businesses which backs up and restores the content of Windows client hard disks over the network.

According to iDefense, merely sending a crafted UDP packet to the service, which listens on ports 1346 and 1347, is sufficient to cause a memory violation in a network library and thereby cause a crash. Authentication is not required. The report states that by using multicast a single packet can crash the Ghost service on all the computers of a LAN. Unfortunately, in the case of an error, the service does not restart under Windows.

Symantec Ghost Solution Suite 2.0.0 and previous versions are affected. A patch is already being distributed automatically over LiveUpdate for 2.0.0. Users of Version 1.1 have to manually download a patch in the appropriate language. Further instructions can be found in the error report from Symantec.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit