Altiris Deployment Solution Server < 6.9.355 Password Disclosure (SYM08-020)

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has a program that is affected by a password
disclosure vulnerability.

Description :

The version of the Altiris Deployment Solution installed on the remote
host reportedly is affected by a password disclosure vulnerability.
Altiris Deployment Solution Server reportedly stores 'Application
Identity Account password' in the system memory in plain-text. It may
be possible for an authorized non-privileged user to retrieve this
password and make unauthorized modifications to the client systems.
The level of unauthorized access depends on the user group under which
Application Identity Account was registered during installation

See also :

http://www.symantec.com/avcenter/security/Content/2008.10.20b.html

Solution :

Upgrade to Altiris Deployment Solution 6.9 Build 355 or later.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 1.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 34964 (altiris_deployment_solution_server_6_9_355.nasl)

Bugtraq ID: 31767

CVE ID: CVE-2008-6828

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now