icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Altiris Deployment Solution 6.9.x < 6.9.430 Multiple Vulnerabilities

High

Synopsis

The remote Windows host is vulnerable to multiple attack vectors.

Description

The version of Altiris Deployment Solution installed on the remote host is earlier than 6.9 SP3 Build 430. Such versions are potentially affected by multiple issues :

- An authentication bypass vulnerability when 'DBManager' authentication is used.

- An authentication-bypass vulnerability caused by a race condition when files are transfered from the server to a client.

A local privilege escalation vulnerability in the 'Aclient' client GUI.

- A race-condition exists in the 'AClient' client application that an attacker can exploit to execute malicious commands with SYSTEM-level privileges.

Solution

Upgrade to Altiris Deployment Solution 6.9 SP3 Build 430