Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2766

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2005-2766
Last Modified 10 Sep 2008 03:43:31
Published 02 Sep 2005 06:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-2766

Summary

Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and possibly other versions, when obtaining updates from an internal LiveUpdate server, stores sensitive information in cleartext in the Log.Liveupdate log file, which allows attackers to obtain the username and password to the internal LiveUpdate server.

Vulnerable Systems

Application

  • Symantec Norton Antivirus 9.0.1.1.1000

  • Symantec Norton Antivirus 9.0.4


References

BUGTRAQ - 20050831 Vulnerability in Symantec Anti Virus Corporate Edition v9.x


Last Updated: 27 May 2016 10:40:38