3 November 2009, 18:22

Symantec patches Altiris solutions

Symantec has released a security update for several of its Altiris resource management products. The web-based management servers in question install a vulnerable ActiveX control in Internet Explorer (IE) that allows attackers to inject and execute arbitrary code in a client. A simple visit to a specially crafted web page is all that is required for an attack to be successful.

Affected are Symantec Altiris Deployment Solution 6.9.x, Symantec Altiris Notification Server 6.0.x and Symantec Management Platform 7.0.x. Nikolas Sotiriu, who discovered the control's susceptibility to the relevant buffer overflow, has already published an exploit which demonstrates the vulnerability by starting the calculator under Windows.

See also:

Symantec Altiris Deployment Solution and Notification Server Management Web Console BrowseandSave ActiveX Overflow, security advisory from Symantec.
Symantec ConsoleUtilities ActiveX Control Buffer Overflow, advisory from Nikolas Sotiriu.

Symantec patches Altiris solutions

Internet Toolkit

SSL for free - step by step

Testing email with encryption

Shortened-breaks

The H Security Conficker information site

Tracking down malware

Health Check: Mandriva

Kernel Log: Linux 2.6.34 goes into testing

The H Update Check

Happenings: FOSS at CeBIT 2010

Of Android and the Fear of Fragmentation

Kernel Log: Stable kernels analysed, Linux without firmware, new graphics drivers

What's new in Linux 2.6.33

Health Check: FreeBSD - "The unknown giant"

New life for dead software

Price Insight Top 10

The H

The H open source

The H Security

The H Internet Toolkit