Sign-up

ID

VAR-200509-0196


CVE

CVE-2005-2766


TITLE

Symantec AntiVirus Update Local Information Disclosure Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200509-026

DESCRIPTION

Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and possibly other versions, when obtaining updates from an internal LiveUpdate server, stores sensitive information in cleartext in the Log.Liveupdate log file, which allows attackers to obtain the username and password to the internal LiveUpdate server. Symantec LiveUpdate Client is susceptible to a local information disclosure vulnerability. A local attacker can subsequently access the file and disclose authentication credentials to access the server. This may lead to various attacks including the potential compromise of the server. Symantec Antivirus is an antivirus software produced by Symantec Corporation

Trust: 1.26

sources: NVD: CVE-2005-2766 // BID: 14708 // VULHUB: VHN-13975

AFFECTED PRODUCTS

vendor:symantecmodel:norton antivirusscope:eqversion:9.0.4

Trust: 1.6

vendor:symantecmodel:norton antivirusscope:eqversion:9.0.1.1.1000

Trust: 1.6

vendor:symantecmodel:liveupdate buildscope:eqversion:2.734

Trust: 0.3

vendor:symantecmodel:antivirus corporate editionscope:eqversion:9.0.4

Trust: 0.3

vendor:symantecmodel:antivirus corporate editionscope:eqversion:9.0.1.1.1000

Trust: 0.3

vendor:symantecmodel:liveupdate buildscope:neversion:2.738

Trust: 0.3

vendor:symantecmodel:liveupdatescope:neversion:2.6

Trust: 0.3

vendor:symantecmodel:liveupdatescope:neversion:2.5

Trust: 0.3

sources: BID: 14708 // NVD: CVE-2005-2766 // CNNVD: CNNVD-200509-026

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2005-2766
value: LOW

Trust: 1.0

CNNVD: CNNVD-200509-026
value: LOW

Trust: 0.6

VULHUB: VHN-13975
value: LOW

Trust: 0.1

NVD:
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

VULHUB: VHN-13975
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-13975 // NVD: CVE-2005-2766 // CNNVD: CNNVD-200509-026

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-2766

THREAT TYPE

local

Trust: 0.9

sources: BID: 14708 // CNNVD: CNNVD-200509-026

TYPE

Design Error

Trust: 0.9

sources: BID: 14708 // CNNVD: CNNVD-200509-026

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2005-2766

EXTERNAL IDS
db:NVDid:CVE-2005-2766
Trust: 2.0
db:BUGTRAQid:20050831 VULNERABILITY IN SYMANTEC ANTI VIRUS CORPORATE EDITION V9.X
Trust: 0.6
db:CNNVDid:CNNVD-200509-026
Trust: 0.6
db:BIDid:14708
Trust: 0.4
db:VULHUBid:VHN-13975
Trust: 0.1
sources:
            
            
            VULHUB: VHN-13975 // 
            
            
            
            BID: 14708 // 
            
            
            
            NVD: CVE-2005-2766 // 
            
            
            
            CNNVD: CNNVD-200509-026

REFERENCES
url:http://marc.info/?l=bugtraq&m=112552401413998&w=2
Trust: 1.0
url:http://marc.theaimsgroup.com/?l=bugtraq&m=112552401413998&w=2
Trust: 0.6
url:http://securityresponse.symantec.com/avcenter/security/content/2005.09.02.html
Trust: 0.3
url:http://www.symantec.com
Trust: 0.3
url:/archive/1/409655
Trust: 0.3
url:http://marc.info/?l=bugtraq&m=112552401413998&w=2
Trust: 0.1
sources:
            
            
            VULHUB: VHN-13975 // 
            
            
            
            BID: 14708 // 
            
            
            
            NVD: CVE-2005-2766 // 
            
            
            
            CNNVD: CNNVD-200509-026

CREDITS
Discovery is credited to <golovast@gmail.com>.
Trust: 0.9
sources:
            
            
            BID: 14708 // 
            
            
            
            CNNVD: CNNVD-200509-026

SOURCES
db:VULHUBid:VHN-13975
db:BIDid:14708
db:NVDid:CVE-2005-2766
db:CNNVDid:CNNVD-200509-026

LAST UPDATE DATE
2023-12-18T13:58:32.168000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-13975date:2016-10-18T00:00:00
db:BIDid:14708date:2009-07-12T17:06:00
db:NVDid:CVE-2005-2766date:2016-10-18T03:30:02.893
db:CNNVDid:CNNVD-200509-026date:2006-08-16T00:00:00

SOURCES RELEASE DATE
db:VULHUBid:VHN-13975date:2005-09-02T00:00:00
db:BIDid:14708date:2005-08-31T00:00:00
db:NVDid:CVE-2005-2766date:2005-09-02T10:03:00
db:CNNVDid:CNNVD-200509-026date:2005-09-02T00:00:00