Lucene search

[email protected]CVE-2008-1754

HistoryApr 11, 2008 - 9:05 p.m.

CVE-2008-1754

2008-04-1121:05:00

CWE-310

[email protected]

web.nvd.nist.gov

symantec

altiris

deployment solution

cve-2008-1754

aclient

password

cleartext

memory

vulnerability

nvd

1.7 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory, which allows local users to obtain sensitive information by dumping the AClient.exe process memory.

Affected configurations

NVD

Node

symantecaltiris_deployment_solutionRange≤6.8sp2

symantecaltiris_deployment_solutionMatch6.8sp1

symantecaltiris_deployment_solutionMatch6.8.380

CPENameOperatorVersion
symantec:altiris_deployment_solutionsymantec altiris deployment solutionle6.8
symantec:altiris_deployment_solutionsymantec altiris deployment solutioneq6.8.380

CPE	Name	Operator	Version
symantec:altiris_deployment_solution	symantec altiris deployment solution	le	6.8
symantec:altiris_deployment_solution	symantec altiris deployment solution	eq	6.8.380

References

secunia.com/advisories/29771

securityresponse.symantec.com/avcenter/security/Content/2008.04.10.html

www.osvdb.org/44388

www.securityfocus.com/bid/28707

www.securitytracker.com/id?1019825

www.vupen.com/english/advisories/2008/1197/references

exchange.xforce.ibmcloud.com/vulnerabilities/41771

1.7 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2008-1754

cvelist1 prion1 nvd1 nessus1