---------------------------------------------------------------------- Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/ ---------------------------------------------------------------------- TITLE: Symantec Altiris Notification Server Static Encryption Key SECUNIA ADVISORY ID: SA38356 VERIFY ADVISORY: http://secunia.com/advisories/38356/ DESCRIPTION: A security issue has been reported in Symantec Altiris Notification Server, which can be exploited by malicious, local users to disclose sensitive information. The security issue is caused due to the application using a static encryption key to encrypt and store certain credentials. This can be exploited to disclose the credentials and e.g. gain unauthorised access to discovery information or potentially gain elevated access on the server or network. This also affects configurations that use SQL Server credentials and can result in unauthorised information disclosure, potential elevated access, or unauthorised access to information stored in the Notification Server database. The security issue is reported in Symantec Altiris Notification Server 6.0.x. SOLUTION: Update to Symantec Altiris Notification Server 6.0 SP3 R12. https://kb.altiris.com/article.asp?article=46763&p=1 PROVIDED AND/OR DISCOVERED BY: The vendor credits Matthew Burnett. ORIGINAL ADVISORY: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100128_00 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------