Altiris Deployment Solution < 6.9.176 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 4504


The remote Windows host has a program that is affected by multiple vulnerabilities.


The version of the Altiris Deployment Solution installed on the remote host reportedly is affected by several issues :

- A SQL injection vulnerability that could allow a user to run arbitrary code
- A remote attacker may be able to obtain encrypted Altiris Deployment Solution domain credentials without authentication.
- A local user could access a privileged command prompt via the Agent's user interface.
- A local user could leverage a GUI tooltip to access a privileged command prompt.
- A local user can modify or delete several registry keys used by the application, resulting in unauthorized access to system information or disruption of service.
- A local user with access to the install directory of Deployment Solution could replace application components, which might then run with administrative privileges on an affected system.


Upgrade to Altiris Deployment Solution 6.9.176 or later and update Agents.

See Also

Plugin Details

Severity: High

ID: 4504

File Name: 4504.prm

Family: Generic

Published: 2004/08/18

Modified: 2016/11/23

Dependencies: 4179

Nessus ID: 32323

Risk Information

Risk Factor: High


Base Score: 7.2

Temporal Score: 6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


Base Score: 8.4

Temporal Score: 7.8


Temporal Vector: CVSS3#E:F/RL:O/RC:C

Exploitable With

Metasploit (Symantec Altiris DS SQL Injection)

Reference Information

CVE: CVE-2008-2286, CVE-2008-2287, CVE-2008-2288, CVE-2008-2289, CVE-2008-2290, CVE-2008-2291

BID: 29218, 29194, 29196, 29197, 29198, 29199

OSVDB: 45313, 45314, 45315, 45316, 45317, 45318