icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Altiris Deployment Solution < 6.9 SP4 DBManager DoS (SYM10-007)

Medium

Synopsis

The remote Windows host has a deployment server that is affected by a denial of service vulnerability.

Description

The version of Altiris Deployment Solution installed on the remote host is earlier than 6.9 SP4. Such versions are reportedly affected by a denial of service vulnerability. The DBManager component has a user-after-free error when processing specially crafted 'CreateSession' and 'PXEManagerSignOn' requests. A remote attacker could exploit this to crash the DBManager service.

Solution

Upgrade to Altiris Deployment Solution Server 6.9 SP4 or later.