Altiris Deployment Solution Server < 6.9.355 Password Disclosure (SYM08-020) (deprecated)

Medium Nessus Network Monitor Plugin ID 4772

Synopsis

The remote Windows host has a program that is affected by a password disclosure vulnerability.

Description

The version of the Altiris Deployment Solution installed on the remote host is reportedly affected by a password disclosure vulnerability. Altiris Deployment Solution Server reportedly stores 'Application Identity Account password' in the system memory in plaintext. It may be possible for an authorized non-privileged user to retrieve this password and make unauthorized modifications to the client systems. The level of unauthorized access depends on the user group under which Application Identity Account was registered during installation.

Solution

Upgrade to version 6.9 Build 355 or higher.

See Also

http://www.symantec.com/avcenter/security/Content/2008.10.20b.html

Plugin Details

Severity: Medium

ID: 4772

File Name: 4772.prm

Family: Generic

Published: 2008/12/01

Modified: 2016/01/21

Dependencies: 4179

Nessus ID: 34964

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Reference Information

CVE: CVE-2008-6828

BID: 31767

OSVDB: 54976