Altiris AClient < 6.9.164 Multiple Local Vulnerabilities

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.

Synopsis :

The remote Windows host has a program that is affected by multiple
privilege escalation vulnerabilities.

Description :

The version of the Altiris Client Agent (aclient) installed on the
remote host reportedly is susceptible to a shatter attack that could
allow a local user to elevate his or her privileges on the affected

In addition, the Altiris Deployment Solution reportedly stores the
AClient password in system memory. By dumping system memory for
AClient.exe, a local user could potentially recover the password and
use that to gain access to the local agent admin interface, which in
turn could allow for code execution with system level privileges.

See also :

Solution :

Upgrade to Altiris Deployment Solution Agent 6.9.164 or later.

Risk factor :

High / CVSS Base Score : 7.2
CVSS Temporal Score : 6.3
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 31417 (altiris_6_9_164.nasl)

Bugtraq ID: 28110

CVE ID: CVE-2008-1473

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now