Title: Altiris Deployment Solution Client Service Local Privilege Escalation Vulnerability
Severity: MODERATE
Description:
Altiris Deployment Solution is an operating system deployment and configuration application. It consists of a deployment server and multiple clients that connect to the deployment server.
Altiris Deployment Solution Client allows a user to activate the client interface by easily launching the software from an icon in the Windows system tray. It is reported that a local user may exploit the client interface to escalate privileges. This vulnerability exists because the affected software fails to drop SYSTEM privileges.
Reports indicate that by invoking the 'View Log File' functionality provided in the client interface, the notepad.exe application will be spawned with SYSTEM privileges. This may allow an attacker to further compromise a computer.
It should be noted that although this vulnerability is reported to exist in Altiris Deployment Solution version 5.6 SP1 (Hotfix E) other versions might also be affected.
Affected Products:
- Altiris Deployment Solution 0.0.05.6 SP1 (Hotfix E)
References:
- Symantec: Altiris Deployment Solution Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
