CVE-2008-2287
https://notcve.org/view.php?id=CVE-2008-2287
Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 does not properly protect the install directory, which might allow local users to gain privileges by replacing an application component with a Trojan horse. Symantec Altiris Deployment Solution 6.8.x y 6.9.x anterior a 6.9.176 no protege correctamente el directorio install, lo que podría permitir a usuarios locales obtener privilegios reemplazando un componente de una aplicación por un troyano. • http://marc.info/?l=bugtraq&m=122167472229965&w=2 http://secunia.com/advisories/30261 http://www.securityfocus.com/bid/29197 http://www.securitytracker.com/id?1020024 http://www.symantec.com/avcenter/security/Content/2008.05.14a.html http://www.vupen.com/english/advisories/2008/1542/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42442 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-2286 – Symantec Altiris Deployment Solution SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2008-2286
SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet. Vulnerabilidad de inyección SQL en axengine.exe en Symantec Altiris Deployment Solution 6.8.x y 6.9.x en versiones anteriores a 6.9.176 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de campos de cadena no especificado en un paquete de notificación. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Symantec Altiris Deployment Solution. User interaction is not required to exploit this vulnerability. The specific flaw exists within the axengine.exe process listening by default on TCP port 402. A lack of proper sanitation while parsing requests allows for a remote attacker to inject arbitrary SQL statements into the database. • https://www.exploit-db.com/exploits/29552 http://marc.info/?l=bugtraq&m=122167472229965&w=2 http://osvdb.org/show/osvdb/45313 http://secunia.com/advisories/30261 http://www.exploit-db.com/exploits/29552 http://www.securityfocus.com/archive/1/492127/100/0/threaded http://www.securityfocus.com/archive/1/492229/100/0/threaded http://www.securityfocus.com/bid/29198 http://www.securitytracker.com/id?1020024 http://www.symantec.com/avcenter/security/Content/2008.05.14a • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •