Symantec patches Altiris solutions - again
Symantec has released yet another security update for several of its Altiris resource management products to patch a critical vulnerability. Once again, the problem relates to the web-based management servers which install a vulnerable ActiveX control, affecting the ConsoleUtilities (AeXNSConsoleUtilities.dll
). At the beginning of the month, the manufacturer had already released an update to close a critical gap in the control.
According to the advisory, the RunCmd vulnerability "could potentially allow unauthorised execution of arbitrary code". For an attack to be successful, a victim must first be tricked into downloading malicious content by visiting a specially crafted web page. Symantec Altiris Deployment Solution 6.9.x, Symantec Altiris Notification Server 6.0.x and Symantec Management Platform 7.0.x are affected.
See also:
- Security Advisories Relating to Symantec Products - Symantec’s Altiris Deployment and Notification Management Web Console RunCmd Vulnerability, advisory from Symantec.
- Symantec patches Altiris solutions, a report from The H.
(crve)