Vulnerabilities > CVE-2007-5838 - Configuration vulnerability in Symantec Altiris Deployment Solution 6/6.8
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Aclient in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows local users to gain local System privileges via the "Enable key-based authentication to Deployment server" browser option, a different issue than CVE-2007-4380.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Common Weakness Enumeration (CWE)
Nessus
| NASL family | Windows |
| NASL id | ALTIRIS_6_8_380.NASL |
| description | The version of the Altiris Client Agent (aclient) installed on the remote host contains a flaw in its browser option whereby a local user can open or execute files on the affected host with SYSTEM privileges. It also contains a directory traversal vulnerability that allows a local user to read privileged system files. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 27596 |
| published | 2007-10-31 |
| reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/27596 |
| title | Altiris AClient < 6.8.380 Local Vulnerabilities |
References
- http://secunia.com/advisories/27412
- http://www.irmplc.com/index.php/111-Vendor-Alerts
- http://www.irmplc.com/index.php/152-Advisory-022
- http://www.securityfocus.com/bid/26265
- http://www.securitytracker.com/id?1018876
- http://www.symantec.com/avcenter/security/Content/2007.10.31a.html
- http://www.vupen.com/english/advisories/2007/3673
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38180