167 matches found
Symantec Altiris Deployment Solution Multiple Vulnerabilities
SUMMARY Symantecs Altiris Deployment Solution contains vulnerabilities that could potentially be leveraged for unauthorized file access or a denial of service on a client system, authentication bypass on the Server to local system-level access on a client system. AFFECTED PRODUCTS Product | Versi...
CVE-2008-6828
Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server...
Command injection
The ListView control in the Client GUI AClient.exe in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to 1 overwrite the CommandLine...
CVE-2008-6828
CVE-2008-6828 affects Symantec Altiris Deployment Solution (6.x) prior to 6.9.355 SP1. Affected component: Application Identity Account handling; root cause: the Application Identity Account password is stored in memory in cleartext, enabling a local attacker to glean credentials and gain privile...
CVE-2008-6828
Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server...
CVE-2008-6827
Affected software: Symantec Altiris Deployment Solution (Client GUI) with AClient.exe in 6.x before 6.9.355 SP1. Vulnerability: A local privilege escalation via the ListView control’s hidden GUI button (the “Shatter” style attack) allows overwriting the CommandLine parameter to cmd.exe to gain SY...
CVE-2008-6827
The ListView control in the Client GUI AClient.exe in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to 1 overwrite the CommandLine...
PT-2009-2297 · Symantec · Symantec Altiris Deployment Solution
Name of the Vulnerable Software and Affected Versions: Symantec Altiris Deployment Solution versions 6.x before 6.9.355 SP1 Description: The issue allows local users to gain privileges and modify clients of the Deployment Solution Server because the Application Identity Account password is stored...
PT-2009-2296 · Symantec +1 · Symantec Altiris Deployment Solution +1
Name of the Vulnerable Software and Affected Versions: Symantec Altiris Deployment Solution versions prior to 6.9.355 SP1 Description: The issue allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack. This attack targets the CommandLine parameter ...
Altiris Deployment Solution Server < 6.9.355 Password Disclosure (SYM08-020) (deprecated)
Binary data 4772.prm...
Altiris Deployment Solution Agent < 6.9.355 Local Privilege Escalation (SYM08-019)
The version of the Altiris Deployment Solution Agent installed on the remote host is affected by a local privilege escalation issue. Successful exploitation of this issue could allow an authorized non-privileged user to gain local system access on the client system. C Tenable Network Security, In...
Altiris Deployment Solution Server < 6.9.355 Password Disclosure (SYM08-020)
The version of the Altiris Deployment Solution installed on the remote host reportedly is affected by a password disclosure vulnerability. Altiris Deployment Solution Server reportedly stores 'Application Identity Account password' in the system memory in plain-text. It may be possible for an...
Symantec Altiris Deployment Solution明文口令漏洞
BUGTRAQ ID: 31767 Symantec Altiris Deployment Solution是自动化的操作系统部署解决方案,用于从统一的位置部署和管理服务器、桌面和笔记本等。 Symantec Altiris Deployment Solution代理在系统内存中以明文存储了安装期间所设置的Application Identity Account口令,授权访问Deployment Solution Server系统的非特权用户可以从系统内存检索这个口令,然后利用这个口令对客户端执行各种操作。 Symantec Altiris Deployment Solution 6.x...
Symantec Altiris Deployment Solution客户端GUI本地权限提升漏洞
BUGTRAQ ID: 31766 Symantec Altiris Deployment Solution是自动化的操作系统部署解决方案,用于从统一的位置部署和管理服务器、桌面和笔记本等。 Altiris客户端GUI的主窗口有一个隐藏按键,该按键的标题为“命令提示符”。点击这个按键会导致GUI试图用以下命令行参数调用CreateProcess: c:\Program Files\Altiris\AClient\cmd.exe...
Symantec Altiris Deployment Solution Elevation of Privilege Clear Text Password in Memory
SUMMARY An elevation of privilege issue via a privileged access password stored in memory has been identified and resolved in the Symantec Altiris Deployment Solution. Successful exploitation could potentially allow a non-privileged user with authorized access to the system hosting the Deployment...
Symantec Altiris Deployment Solution Local Access Elevation of Privilege in Client GUI
SUMMARY A local access elevation of privilege issue has been identified and resolved in the Symantec Altiris Deployment Solution Client GUI. Successful exploitation could result in unauthorized local system access on a client system. Severity Medium Remote Access adjacent network | No ---|--- Loc...
Insomnia : ISVA-080516.1 - Altiris Deployment Solution - SQL Injection
Insomnia Security Vulnerability Advisory: ISVA-080516.1 Name: Altiris Deployment Solution - SQL Injection Released: 16 May 2008 Vendor Link: http://www.altiris.com/ Affected Products: Altiris Deployment Solution 6.8.x & 6.9.x Original Advisory:...
Insomnia : ISVA-080516.2 - Altiris Deployment Solution - Domain Account Disclosure
Insomnia Security Vulnerability Advisory: ISVA-080516.2 Name: Altiris Deployment Solution - Domain Account Disclosure Released: 16 May 2008 Vendor Link: http://www.altiris.com/ Affected Products: Altiris Deployment Solution 6.8.x & 6.9.x Original Advisory:...
CVE-2008-2288
Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 has insufficient access control for deletion and modification of registry keys, which allows local users to cause a denial of service or obtain sensitive information...
Improper access control
Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 has insufficient access control for deletion and modification of registry keys, which allows local users to cause a denial of service or obtain sensitive information...