|
|
>> Symantec Altiris Deployment Solution Password Disclosure Vulnerability
|
Title : Symantec Altiris Deployment Solution Password Disclosure Vulnerability
VUPEN ID : VUPEN/ADV-2008-1197
CVE ID : CVE-2008-1754
Rated as : Moderate Risk 
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2008-04-11
|
A weakness has been identified in Symantec Altiris Deployment Solution, which could be exploited by malicious users to gain knowledge of sensitive information and take complete control of an affected system. This issue is caused due to the application storing the Deployment Solution Agent (AClient) password in clear text in system memory used by the "AClient.exe" process, which could allow a local attacker to recover the password and execute arbitrary code with SYSTEM privileges via the local agent admin interface.
Affected Products
Symantec Altiris Deployment Solution versions 6.8.x
Solution
Upgrade to Symantec Altiris Deployment Solution version 6.9.164 :
http://www.altiris.com/download.aspx
References
http://www.vupen.com/english/advisories/2008/1197
http://securityresponse.symantec.com/avcenter/security/Content/2008.04.10.html
Credits
Vulnerability reported by Mazin Faour (Information Risk Management).
ChangeLog
2008-04-11 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
