----------------------------------------------------------------------

Secunia Network Software Inspector 2.0 (NSI) - Public Beta

The Public Beta has ended. Thanks to all that participated.

Learn more:
http://secunia.com/network_software_inspector_2/

----------------------------------------------------------------------

TITLE:
Symantec Altiris Deployment Solution Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA30261

VERIFY ADVISORY:
http://secunia.com/advisories/30261/

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data, Exposure of sensitive information, Privilege
escalation, System access

WHERE:
>From local network

SOFTWARE:
Altiris Deployment Solution 6.x
http://secunia.com/product/4070/

DESCRIPTION:
Some vulnerabilities and security issues have been reported in
Symantec Altiris Deployment Solution, which can be exploited by
malicious, local users to gain escalated privileges or manipulate
certain data, and by malicious people to disclose sensitive
information, conduct SQL injection attacks, and to compromise a
vulnerable system.

1) Input passed via unspecified parameters is not properly sanitised
before being used in an SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows execution of arbitrary code on an
affected system.

2) An unspecified error can be exploited to request and obtain
encrypted Altiris Deployment Solution domain credentials without
authentication.

NOTE: Weaknesses in the encryption can potentially result in the
unauthorized exposure of these domain credentials.

3) An unspecified error can be exploited to access a privileged
command prompt via the user interface of the Altiris Deployment
Solution Agent.

4) An unspecified error can be exploited to access a command prompt
running with escalated user privileges via a common graphical user
interface element (tooltip).

5) Several registry keys are created with improper permissions, which
can be exploited to modify or delete these registry keys.

6) Improper permissions can potentially be exploited to replace
application components within the installation directory of
Deployment Solution, which run with administrative privileges on an
affected system.

The vulnerabilities and security issues are reported in version 6.8.x
and 6.9.x prior to build 6.9.176.

SOLUTION:
Update to version 6.9.176 or install hotfix (KB 41418):
http://kb.altiris.com/

Note: This hotfix requires a rollout of upgraded DS Agent software.

PROVIDED AND/OR DISCOVERED BY:
1, 2) The vendor credits Brett Moore of Insomnia Security, working
with ZDI.
3 - 6) The vendor credits Alex Hernandez of sybsecurity.com and
Eduardo Vela.

ORIGINAL ADVISORY:
SYM008-012:
http://securityresponse.symantec.com/avcenter/security/Content/2008.05.14a.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------