Vulnerabilities > Symantec > Altiris Deployment Solution > High

DATE CVE VULNERABILITY TITLE RISK
2009-09-11 CVE-2009-3178 Remote vulnerability in Symantec Altiris Deployment Solution 6.9
Unspecified vulnerability in mm.exe in Symantec Altiris Deployment Solution 6.9 allows remote attackers to cause a denial of service via unknown attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.18, "Symantec Altiris Deployment Solution 6.9 DoS." NOTE: as of 20090909, this disclosure has no actionable information.
network
low complexity
symantec
7.8
2009-09-08 CVE-2009-3108 Permissions, Privileges, and Access Controls vulnerability in Symantec Altiris Deployment Solution
The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 installs a client executable with insecure permissions (Everyone:Full Control), which allows local users to gain privileges by replacing the executable with a Trojan horse program.
local
low complexity
symantec CWE-264
7.2
2009-06-08 CVE-2008-6828 Cleartext Storage of Sensitive Information vulnerability in Symantec Altiris Deployment Solution
Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server.
local
low complexity
symantec CWE-312
7.8
2009-06-08 CVE-2008-6827 Missing Authentication for Critical Function vulnerability in Symantec Altiris Deployment Solution
The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function.
local
low complexity
symantec CWE-306
7.8
2008-05-18 CVE-2008-2291 Credentials Management vulnerability in Symantec Altiris Deployment Solution 6.8
axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 generates credentials with a fixed salt or without any salt, which makes it easier for remote attackers to guess encrypted domain credentials.
network
low complexity
symantec CWE-255
7.5
2008-05-18 CVE-2008-2290 Permissions, Privileges, and Access Controls vulnerability in Symantec Altiris Deployment Solution 6.8/6.9
Unspecified vulnerability in the Agent user interface in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors.
local
low complexity
symantec CWE-264
7.2
2008-05-18 CVE-2008-2289 Permissions, Privileges, and Access Controls vulnerability in Symantec Altiris Deployment Solution
Unspecified vulnerability in a tooltip element in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors.
local
low complexity
symantec CWE-264
7.2
2008-05-18 CVE-2008-2287 Permissions, Privileges, and Access Controls vulnerability in Symantec Altiris Deployment Solution 6.8/6.9
Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 does not properly protect the install directory, which might allow local users to gain privileges by replacing an application component with a Trojan horse.
local
low complexity
symantec CWE-264
7.2
2008-05-18 CVE-2008-2286 SQL Injection vulnerability in Symantec Altiris Deployment Solution 6.8/6.9
SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet.
network
low complexity
symantec CWE-89
7.5
2008-03-24 CVE-2008-1473 Permissions, Privileges, and Access Controls vulnerability in Symantec Altiris Deployment Solution
The Altiris Client Service (AClient.exe) in Symantec Altiris Deployment Solution 6.8.x before 6.9.164 allows local users to gain privileges via a "Shatter" style attack.
local
low complexity
symantec CWE-264
7.2