|
Title
|
Symantec Altiris Client Service Privilege Escalation Vulnerability
|
|
ID
|
SYBSEC-ADV15
|
|
Severity
|
HIGH
|
|
History
|
20.AUG.2007 Vulnerability discovered
12.MAR.2008 Vendor contacted
14.MAY.2008 Release Hotfix
|
|
Scope
|
Privilege Escalation
|
|
Platforms
|
Altiris Client Service
|
|
Author
|
|
|
URL
|
http://www.sybsecurity.com/advisors/SYBSEC-ADV15-Symantec_Altiris_Client_Privilege_Escalation_Vulnerability
|
|
Release
|
Public
|
|
Overview
|
Altiris Inc. is a subsidiary of Symantec specializing in service-oriented management
software which allows organizations to manage IT assets. They also provide software for web
services, security, and systems management products. Altiris has solutions to meet regulatory
and legal requirements. This includes auditing, security, change management and patch management
of software.
|
|
Affected versions
|
The vulnerability has been reported in versions Altiris Client Service
Altiris Client 6.5.248
Altiris Client 6.5.299
Altiris Client 6.8.378
|
|
Description
|
A vulnerability has been identified in Symantec Altiris Service,
which could be exploited by local attackers to obtain elevated privileges.
|
|
Workaround
|
|
|
Acknowledgments
|
|
|
References
|
|
|
Details
|
This issue is caused by an unspecified error in the Altiris Client Service, which could allow malicious
users to execute arbitrary code with elevated privileges via a WM_COMMANDHELP attack.
|
|
Exploit tool
|
|
Buscar
