Symantec Altiris DS SQL injection

Added: 11/18/2013
CVE: CVE-2008-2286
BID: 29198
OSVDB: 45313

Background

Altiris Deployment Solution (DS) is software for managing the configuration of machines on a network.

Problem

An SQL injection vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted notification packet to port 402/tcp.

Resolution

Apply the update referenced in SYM008-012.

References

<http://www.securityfocus.com/archive/1/492229&gt;

Limitations

Exploit requires the tftp command-line client to exist on the target computer.

Platforms

Windows