Vulnerabilities are lurking around the sensitive computer security world each day. Malicious users are constantly trying to discover new methods to exploit a bunch of different vulnerabilities in order to destroy computer systems and steal finances. Conversely, well-meant ordinary computer users are always searching for effective computer security tools to protect their computer systems, or searching for remedies to fix a victimized machine.
Multiple vulnerabilities have recently emerged in the Symantec Altiris Deployment Solution, during client/server communications. Affected programs include Symantec Altiris Deployment Solution versions 6.9.x. Some time ago a number of vulnerabilities were found in Symantec Altiris Deployment Solution as well. In fact, Symantec software is one of the most popular targets for vicious users. In fact, just a few days ago multiple vulnerabilities were found in several Symantec products. Fortunately, those security flaws were fixed.
Perhaps you are a current user of the Symantec Altiris Deployment Solution? If so, you surely know what it is and how it functions. However, there might be some users who would like to get to know about this specific software program. Let me introduce those readers to this particular software program. Altiris service-oriented management solutions offer a modular and future-proof approach to manage highly diverse and widely distributed IT infrastructures. They are open solutions that allow lifecycle integration of client, handheld, server, network and other IT assets with audit-ready security and automated operation. The Symantec Altiris Deployment Solution can run on Windows 2003/XP/Vista. Some files related to Windows Server 2003 include: Namespace.dll, mailmsg.dll, wadv07nt.sys, CORPerfMonExt.dll and backsnap.dll.
Image 1. Symantec Altiris application
Malicious, local users could exploit these particular vulnerabilities with the high ambitions to obtain increased rights. In addition, malicious people could exploit these flaws to bypass special security restrictions, access private information and create a denial of service conditions. Below you will find the specifications of all the vulnerabilities:
- An error occurs in the DBManager authentication mechanism while dealing with incoming network packets. This could be exploited in order to change the Altiris Database and, for instance, add or remove users, or possibly change scheduled tasks. This vulnerability is rated as highly severe.
- The Aclient GUI executable is installed with vulnerable default permissions. This could be exploited to run arbitrary code with increased rights by replacing the file. This vulnerability is rated as possibly, highly severe.
- An error occurs while using the AClient agent with key-based authentication allowed. This could be exploited in order to execute arbitrary commands on client systems by impersonating a legitimate server before the authentication handshake phase. This vulnerability is considered to be of medium severity.
- A race condition error in the file transfer functionality could be exploited in order to download easily affected files exported by a server and end the client update process. This vulnerability is considered to be of low severity.
Users of the Symantec Altiris Deployment Solution should note that if encryption is allowed, this weakness can only be exploited with the aim to influence the client update process.
Lastly, I would like to tell you the solution to this security problem. Fortunately, a solution was found. Users of the Symantec Altiris Deployment Solution, whose systems were affected by the multiple vulnerabilities, are recommended to update their installations, at least, to version 6.9 SP3 Build 430.