In association with heise online

01 November 2007, 13:26

Altiris PXE server discloses information

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Symantec has released an update for its Altiris management solution to remedy a vulnerability. Security provider iDefense reports that the TFTP service of a PXE server included in the software contains a directory-traversal vulnerability that allows files to be read. Read access is provided to all files because the service runs with system rights under Windows.

While Symantec's security advisory states that authentication is required, TFTP does not support authentication. In its description of the problem, iDefense says that no authentication is required. According to its security advisory, version 6.8.8297.48 of the file pxemtftp.exe is affected. As an alternative to the update, iDefense recommends disabling the server for the Pre-Boot Execution Environment (PXE).

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit