Vulnerability Type / Importance: Privilege Escalation/ Medium
Problem Discovered: 24 May 2007
Vendor Contacted: 25 May 2007
Advisory Published: 13 August 2007
Abstract:
Symantec’s Altiris Deployment Solution is vulnerable to a privilege escalation attack.
Description:
Altiris® Deployment Solution™ is an “automated deployment solution that offers OS deployment, configuration, PC “personality” migration, and software deployment across hardware platforms and OS types”.
A local privilege escalation vulnerability can be exploited through the Aclient to provide Windows local SYSTEM privileges.
Technical Details:
The Aclient component is installed on client machines to provide communication with the Deployment servers. The Aclient process (aclient.exe) runs with local SYSTEM privilege, which can be used to escalate privilege. By using the “Log File Viewer” or the “Enable key-based authentication to Deployment server” browse option it is possible to open or execute commands with local system privilege.
Vendor & Patch Information:
Symantec has released an update for the client and provided the following details:
Download and installation instructions:
· Go to http://www.altiris.com/download.aspx and enter a valid email address
· In the dropdown box, select "Deployment Solution for Clients 6.8 SP2"
· Click Submit
· After downloading the file, execute and follow the installer instructions to upgrade Deployment Solution
Workaround:
IRM is not aware of any workaround that will resolve this vulnerability.
Tested/Affected Versions:
Altiris Deployment Solution version 6.X (build 282 and earlier)
Credits:
Research & Advisory: Mazin Faour
Disclaimer:
All information in this advisory is provided on an "as is" basis in the hope that it will be useful. Information Risk Management Plc is not responsible for any risks or occurrences caused by the application of this information.