Insomnia : ISVA-080516.1 - Altiris Deployment Solution - SQL Injection

Type securityvulns
Reporter Securityvulns
Modified 2008-05-20T00:00:00


Insomnia Security Vulnerability Advisory: ISVA-080516.1

Name: Altiris Deployment Solution - SQL Injection Released: 16 May 2008

Vendor Link:

Affected Products: Altiris Deployment Solution 6.8.x & 6.9.x

Original Advisory:

Researcher: Brett Moore, Insomnia Security


Altiris deployment solution is a suite installed to manage the configuration and operation of machines on the network. SQL Server is used as the backend database.

Altiris deployment solution listens for connections from the Altiris client on port 402. It is possible to make a request that will result in the exploitation of a SQL Injection vulnerability. This leads to database access under the context of the Deployment server, which typically then allows, command execution under the context of the SQL Server.

Note that through access to the SQL server, it is possible to take control of all clients managed by the server.


When a client machine that is running Altiris client 'comes alive' it makes contact with the Deployment server and sends a notification packet to alert the server that the client machine is available.

This packet is an ASCII based packet with a terminating NULL character.

At least two of the strings contained in this packet can be used to inject arbitrary SQL syntax into a SQL call, resulting in SQL injection.


Symantec have released a security update to address this issue;


The information is provided for research and educational purposes only. Insomnia Security accepts no liability in any form whatsoever for any direct or indirect damages associated with the use of this information.

Insomnia Security Vulnerability Advisory: ISVA-080516.1