icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Altiris Deployment Solution < 6.9.176 Multiple Vulnerabilities

High

Synopsis

The remote Windows host has a program that is affected by multiple vulnerabilities.

Description

The version of the Altiris Deployment Solution installed on the remote host reportedly is affected by several issues :

- A SQL injection vulnerability that could allow a user to run arbitrary code - A remote attacker may be able to obtain encrypted Altiris Deployment Solution domain credentials without authentication. - A local user could access a privileged command prompt via the Agent's user interface. - A local user could leverage a GUI tooltip to access a privileged command prompt. - A local user can modify or delete several registry keys used by the application, resulting in unauthorized access to system information or disruption of service. - A local user with access to the install directory of Deployment Solution could replace application components, which might then run with administrative privileges on an affected system.

Solution

Upgrade to Altiris Deployment Solution 6.9.176 or later and update Agents.