|Exploit publicly available||No|
An escalation of privilege vulnerability in the Symantec Altiris Deployment Solution Agent (AClient.exe) has been resolved.
|Altiris Deployment Solution||6.8.x||All||6.9.164|
The Symantec Altiris Deployment Server Agents are susceptible to privilege escalation vulnerability, commonly known as a shatter attack, which can lead to unauthorized privileged access. This attack is limited to users with login access to systems running the Symantec Altiris Deployment Solution Agent (AClient.exe).
Symantec engineers have verified and resolved this vulnerability. The following steps are required for remediation of this security issue:
As part of normal best practices, Symantec strongly recommends:
SecurityFocus, http://www.securityfocus.com, has assigned a Bugtraq ID(BID) to this issue for inclusion in the SecurityFocus vulnerability data base. The BID assigned is 28110 which can be found at http://www.securityfocus.com/bid/28110.
Symantec would like to thank Brett Moore of Insomnia Security for reporting this issue and for providing full coordination while Symantec resolved it.