|Exploit publicly available||No|
A local access elevation of privilege issue has been identified and resolved in the Symantec Altiris Deployment Solution Client GUI. Successful exploitation could result in unauthorized local system access on a client system.
|Altiris Deployment Solution||6.X||All||6.9.355 SP1|
Brett Moore, Insomnia Security, identified Altiris Deployment Solution agents as susceptible to a privilege escalation vulnerability taking advantage of windows messaging to bypass client security settings in the Client GUI. Successful exploitation could lead to an authorized but non-privileged user potentially leveraging local system access on the targeted client system.
Symantec engineers have verified and resolved this issue in Altiris Deployment Solution 6.9 SP1. Updates are available as follows:
As part of normal best practices, Symantec strongly recommends:
SecurityFocus, http://www.securityfocus.com, has assigned a Bugtraq ID(BID31766) to this issues for inclusion in the SecurityFocus vulnerability data base.
A CVE Candidate name will be requested from the Common Vulnerabilities and Exposures (CVE) initiative for this issue. This advisory will be revised accordingly upon receipt of the CVE Candidate name. This issue is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems
Symantec would like to thank Brett Moore, Insomnia Security, for reporting this issue and providing full coordination while Symantec resolved it.