J-Security Center

Title: Altiris Deployment Server Remote Command Execution Vulnerability

Severity: CRITICAL

Description:

Altiris Deployment Server is a client/server administration package designed to allow remote administration of many client computers in a corporate network environment. It supports remote administration of Windows, Linux and Pocket-PC client computers.

Altiris Deployment Server is reported vulnerable to a remote command execution vulnerability in the client portion of the software. This is due to a failure of the application to properly authenticate that commands originate from an authorized server.

The specific vulnerability is described as a failure of the application to ensure that the server is authorized to send commands. No authentication capability reportedly exists in the package. The client process on the managed computers can be configured to multicast requests to locate deployment servers. Attackers that can beat the response of the valid server can assume the role of the server and issue commands. Attackers may also be able to exploit other vulnerabilities to disable the proper deployment server and assume its role on the network.

Clients can be configured to encrypt the communications between themselves and the server. Session keys are negotiated when client computers are rebooted. Attackers can exploit this feature to impersonate the proper deployment server by being the first to respond when client computers are rebooted, as they will negotiate the encryption session keys with the first deployment server that responds.

This vulnerability allows attackers with local access to a network to impersonate a valid deployment server and issue arbitrary commands to the client computers.

Update: It is also reported that this issue can allow remote attackers to gain control of a vulnerable computer through the Altiris remote control feature. It is conjectured that this may allow the attacker to completely compromise the affected computer.
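
One way to monitor for the discovery race described above, added here as an example and not part of the original advisory or of any vendor tooling. The event tuples, IP addresses, allowlist and function name are assumptions constructed for illustration and do not reflect the actual Altiris wire protocol.

```python
from collections import defaultdict

# Hypothetical allowlist of authorized deployment servers (constructed address).
AUTHORIZED_SERVERS = {"10.0.0.5"}

# Constructed sample events, as a network sensor might summarise them:
# (timestamp_seconds, kind, source_ip, client_ip)
#   "discover": a client multicasts to locate a deployment server
#   "offer":    a host answers that client as a deployment server
SAMPLE_EVENTS = [
    (100.00, "discover", "10.0.1.20", "10.0.1.20"),
    (100.02, "offer", "10.0.0.5", "10.0.1.20"),    # normal exchange
    (200.00, "discover", "10.0.1.21", "10.0.1.21"),
    (200.01, "offer", "10.0.1.99", "10.0.1.21"),   # unknown host answers first
    (200.03, "offer", "10.0.0.5", "10.0.1.21"),    # real server answers second
    (300.00, "offer", "10.0.1.99", "10.0.1.22"),   # offer with no discovery
]


def find_suspect_offers(events, authorized, window=5.0):
    """Return sorted (client, responder, reason) findings."""
    last_discover = {}               # client -> time of its latest discovery
    responders = defaultdict(list)   # (client, discovery time) -> responders in order
    findings = set()
    for ts, kind, src, client in sorted(events):
        if kind == "discover":
            last_discover[client] = ts
            continue
        if kind != "offer":
            continue
        if src not in authorized:
            findings.add((client, src, "unauthorized-responder"))
        started = last_discover.get(client)
        if started is None or ts - started > window:
            findings.add((client, src, "unsolicited-offer"))
            continue
        seen = responders[(client, started)]
        if src not in seen:
            seen.append(src)
        if len(seen) > 1:
            # Several hosts answered one discovery. Per the advisory the client
            # negotiates with the first responder, so report who that was.
            findings.add((client, seen[0], "race-winner"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in find_suspect_offers(SAMPLE_EVENTS, AUTHORIZED_SERVERS):
        print(finding)
```

This check relies on source addresses alone, so it only flags responders whose address is not on the allowlist or whose timing does not match a client discovery.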

Affected Products:

  • Altiris Deployment Server 5.0.1
  • Altiris Deployment Server 5.5.0
  • Altiris Deployment Server 6.0.0
  • Altiris Deployment Server 6.1.0
  • Altiris Deployment Server 6.1.0 SP1
