Symantec Ghost Solution Suite 2.x through 2.5.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted backup file.

Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing.