CVE-2008-6828
https://notcve.org/view.php?id=CVE-2008-6828
Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server. Altiris Deployment Solution v6.x anterior a 6.9.355 SP1 de Symantec almacena la contraseña de "Application Identity Account" (cuenta de identidad de aplicación) en texto claro, lo que permite a usuarios locales obtener privilegios y modificar clientes de "Deployment Solution Server". • http://secunia.com/advisories/31773 http://securityresponse.symantec.com/avcenter/security/Content/2008.10.20b.html http://www.securityfocus.com/bid/31767 http://www.securitytracker.com/id?1021072 http://www.vupen.com/english/advisories/2008/2876 https://exchange.xforce.ibmcloud.com/vulnerabilities/46007 • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2008-2289
https://notcve.org/view.php?id=CVE-2008-2289
Unspecified vulnerability in a tooltip element in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors. Vulnerabilidad no especificada en un elemento tooltip en Symantec Altiris Deployment Solution 6.8.x y 6.9.x anterior a 6.9.176 permite a usuarios locales obtener privilegios mediante vectores de ataque desconocidos. • http://marc.info/?l=bugtraq&m=122167472229965&w=2 http://secunia.com/advisories/30261 http://www.securityfocus.com/bid/29218 http://www.securitytracker.com/id?1020024 http://www.symantec.com/avcenter/security/Content/2008.05.14a.html http://www.vupen.com/english/advisories/2008/1542/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42440 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-2291 – Symantec Altiris Deployment Solution Domain Credential Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2008-2291
axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 generates credentials with a fixed salt or without any salt, which makes it easier for remote attackers to guess encrypted domain credentials. axengine.exe en Symantec Altiris Deployment Solution 6.8.x y 6.9.x en versiones anteriores a 6.9.176 genera credenciales con un sal fijado o sin sal, lo que hace que sea más fácil para atacantes remotos adivinar las credenciales de dominio cifradas. This vulnerability allows attackers to remotely obtain domain credentials on vulnerable installations of Symantec Altiris Deployment Solution. User interaction is not required to exploit this vulnerability. Authentication is not required to exploit this vulnerability. The specific flaw exists within the axengine.exe service listening by default on TCP port 402. The service allows a remote client to request encrypted domain credentials without authentication. • http://marc.info/?l=bugtraq&m=122167472229965&w=2 http://secunia.com/advisories/30261 http://www.insomniasec.com/advisories/ISVA-080516.2.htm http://www.securityfocus.com/archive/1/492128/100/0/threaded http://www.securityfocus.com/archive/1/492228/100/0/threaded http://www.securityfocus.com/bid/29199 http://www.securitytracker.com/id?1020024 http://www.symantec.com/avcenter/security/Content/2008.05.14a.html http://www.vupen.com/english/advisories/2008/1542/references http • CWE-255: Credentials Management Errors •