SYM07-025
October 30, 2007
Altiris Deployment Solution Directory Traversal

Revision History
10/31/07 - Updated threat table and KB number
11/28/07 - Updated solution build information

Risk Impact
Medium

Remote AccessYes
Local AccessYes
Authentication RequiredYes
Exploit availableNo

Overview
Symantecís Altiris Deployment Solution is vulnerable to an elevation of privilege attack.

Affected Products
ProductVersionBuildSolution
Altiris Deployment Solution6.xSP26.8.8400.49


Details
A directory traversal vulnerability exists in the Altiris Deployment solution. This vulnerability can allow read access to privileged system files.

Symantec Response
Symantec engineers have verified and removed this option. An update is now available for download.

Download and installation instructions:

  1. Go to http://kb.altiris.com
  2. Search for KB 38304.
  3. Select KB link and download file.
  4. After downloading the file, execute and follow the installer instructions to upgrade Deployment Solution.

Best Practices
As part of normal best practices, Symantec strongly recommends:

References
SecurityFocus, http://www.securityfocus.com, has assigned a Bugtraq ID(BID) to this issue for inclusion in the SecurityFocus vulnerability data base. The BID assigned is 26266 which can be found at http://www.securityfocus.com/bid/26266.


Credit
Symantec would like to thank Manuel Santamarina Suarez, working with the iDefense Vulnerability Contributor Program (http://www.idefense.com), for reporting this issue.


Initial Post on: Wednesday, 30-Oct-07 23:15:00
Last modified on: