|Exploit publicly available||No|
A non-privileged user can leverage the Symantec Altiris Notification Server Agent Graphical User Interface (GUI) to gain privileged access to the system.
|Altiris Notification Server Agent||6.X||All||6.0 SP3 R8|
Insomnia Security notified Symantec that there was a local elevation of privilege vulnerability in the Altiris Notification Server Agent GUI. By successfully leveraging the issue, authorized but non-privileged users on a local system could potentially gain unauthorized, elevated access to that system.
Symantec engineers have verified the vulnerability does exist in versions of the Altiris Notification Server Agent listed above and released an update to resolve this issue.
Symantec knows of no exploitation of or adverse customer impact from these issues.
The update to resolve this issue can be obtained as follows:
As part of normal best practices, Symantec strongly recommends:
Symantec would like to thank Brett Moore of Insomnia Security for reporting this issue and for providing full coordination while Symantec resolved it.
SecurityFocus, http://www.securityfocus.com, has assigned a Bugtraq ID (BID), 29708 to this issue for inclusion in the SecurityFocus vulnerability data base. The BID can be found at http://www.securityfocus.com/bid/29708
A CVE Candidate name will be requested from the Common Vulnerabilities and Exposures (CVE) initiative for this issue. This advisory will be revised accordingly upon receipt of the CVE Candidate name. This issue is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.