Symantec Altiris Deployment Solution holes allow code injection
A Symantec security advisory warns about vulnerabilities in Altiris Deployment Solution that potentially allow remote attackers to inject code over the network, and local users to escalate their privileges. The vendor has made an updated version of the software available for download that fixes the holes. Altiris Deployment Solution is used for centralised software deployment across corporate networks.
The critical security hole is contained in axengine.exe, which listens for incoming traffic on TCP port 402 by default. However, it doesn't check the submitted arguments correctly, allowing attackers to submit arbitrary SQL commands or even inject and execute arbitrary code on a system.
A flaw in the user interface allows users with restricted privileges to execute programs at a higher privilege level. The software's registry keys are not adequately protected, allowing users with restricted access rights to delete or manipulate the keys. This may cause the software to stop functioning.
Another flaw allows users with valid network login credentials to access the Domain Credentials of the Altiris software. In addition, users who have access to the installation directory of Deployment Solution may be able to exchange packages and execute software at elevated privilege levels.
The vulnerabilities are likely to affect all versions of Altiris Deployment Solution up to 6.9.176. Symantec has made this version available for download via a knowledge base article and advises administrators to download and install the update as soon as possible.
- Altiris Deployment Solution Multiple Vulnerabilities, Symantec security advisory
- Download the Symantec Altiris security update