Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server.
Weakness
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Altiris_deployment_solution | Symantec | * | 6.9.355 (excluding) |
| Altiris_deployment_solution | Symantec | 6.9.355 (including) | 6.9.355 (including) |
Potential Mitigations
Related Attack Patterns
References
- http://secunia.com/advisories/31773
- http://securityresponse.symantec.com/avcenter/security/Content/2008.10.20b.html
- http://www.securityfocus.com/bid/31767
- http://www.securitytracker.com/id?1021072
- http://www.vupen.com/english/advisories/2008/2876
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46007
- http://secunia.com/advisories/31773
- http://securityresponse.symantec.com/avcenter/security/Content/2008.10.20b.html
- http://www.securityfocus.com/bid/31767
- http://www.securitytracker.com/id?1021072
- http://www.vupen.com/english/advisories/2008/2876
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46007