Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Altiris Deployment Solution < 6.9.176 Multiple Vulnerabilities



The remote Windows host has a program that is affected by multiple vulnerabilities.


The version of the Altiris Deployment Solution installed on the remote host reportedly is affected by several issues :

- A SQL injection vulnerability that could allow a user to run arbitrary code - A remote attacker may be able to obtain encrypted Altiris Deployment Solution domain credentials without authentication. - A local user could access a privileged command prompt via the Agent's user interface. - A local user could leverage a GUI tooltip to access a privileged command prompt. - A local user can modify or delete several registry keys used by the application, resulting in unauthorized access to system information or disruption of service. - A local user with access to the install directory of Deployment Solution could replace application components, which might then run with administrative privileges on an affected system.


Upgrade to Altiris Deployment Solution 6.9.176 or later and update Agents.