>> Altiris Deployment Solution Directory Traversal and Privilege Escalation
Title : Altiris Deployment Solution Directory Traversal and Privilege Escalation VUPEN ID : VUPEN/ADV-2007-3673 CVE ID : CVE-2007-3874 - CVE-2007-5838
Rated as : Moderate Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2007-11-01
Technical Description
Multiple vulnerabilities have been identified in Symantec Altiris Deployment Solution, which could be exploited by remote attackers to gain knowledge of sensitive information or by malicious users to obtain elevated privileges.
The first issue is caused by a directory traversal error in the tftp/mftp daemon, which could be exploited by remote attackers to gain unauthorized read access to privileged system files.
The second vulnerability is caused by an error in the Aclient process that runs with SYSTEM privileges, which could be exploited by local attackers to open or execute files with SYSTEM privileges by using the browser option.
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.
