APP: Symantec Altiris DS SQL Injection
This signature detects attempts to exploit multiple SQL Injection vulnerability in Symantec Altiris. An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
Extended Description
Symantec Altiris Deployment Solution is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will facilitate in the complete compromise of affected computers. Versions prior to Symantec Altiris Deployment Solution 6.9.176 are vulnerable.
Affected Products
Symantec altiris_deployment_solution
Short Name
APP:SYMC:ALTIRIS-DS-SQL-INJ
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
Altiris CVE-2008-2286 DS Injection SQL Symantec bid:29198
Release Date
03/07/2014
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
Port
tcp/402
False Positive
Unknown
Vendors
Hp
Symantec
CVSS Score
7.5