CVE-2010-0109
https://notcve.org/view.php?id=CVE-2010-0109
DBManager in Symantec Altiris Deployment Solution 6.9.x before DS 6.9 SP4 allows remote attackers to cause a denial of service via a crafted request. DBManager en Symantec Altiris Deployment Solution en versiones 6.9.x anteriores a DS 6.9 SP4 permite que los atacantes remotos provoquen una denegación de servicio (DoS) mediante una petición manipulada. • http://www.securityfocus.com/bid/38410 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20100420_00 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-3033 – Symantec Altiris Deployment Solution - ActiveX Control Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-3033
Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument. Desbordamiento de búfer en el método RunCmd en Altiris eXpress NS Console Utilities ActiveX control en AeXNSConsoleUtilities.dll en la consola web de Symantec Altiris Deployment Solution v6.9.x, Altiris Notification Server v6.0.x, y Management Platform v7.0.x permite a atacantes remotos ejecutar código arbitrario a través de una cadena larga en el segundo argumento. • https://www.exploit-db.com/exploits/16528 http://osvdb.org/60496 http://www.securityfocus.com/bid/37092 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091124_00 http://www.vupen.com/english/advisories/2009/3328 https://exchange.xforce.ibmcloud.com/vulnerabilities/54415 https://kb.altiris.com/article.asp?article=50072&p=1 https://kb.altiris.com/article.asp?article=50279&p=1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-3110
https://notcve.org/view.php?id=CVE-2009-3110
Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does. Condición de carrera en la funcionalidad de transferencia de ficheros en Symantec Altiris Deployment Solution v6.9.x anterior a v6.9 SP3 Build 430, permite a atacantes remotos leer archivos sensibles y prevenir las actualizaciones de los clientes mediante la conexión a un puerto de transferencia antes de que lo haga el autentico cliente. • http://secunia.com/advisories/36502 http://www.securityfocus.com/bid/36113 http://www.securitytracker.com/id?1022779 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2009-3108
https://notcve.org/view.php?id=CVE-2009-3108
The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 installs a client executable with insecure permissions (Everyone:Full Control), which allows local users to gain privileges by replacing the executable with a Trojan horse program. Aclient GUI en Symantec Altiris Deployment Solution v6.9.x anterior v6.9 SP3 Build 430 instala un cliente ejecutable con permisos no seguros (todos: control total), que permite a usuarios locales obtener privilegios y reemplazar el ejecutable con un programa troyano. • http://secunia.com/advisories/36502 http://www.securityfocus.com/bid/36111 http://www.securitytracker.com/id?1022779 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-6827
https://notcve.org/view.php?id=CVE-2008-6827
The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function. El control "ListView" (vista de lista) del cliente de interfaz gráfico (AClient.exe) en Altiris Deployment Solution v6.x anterior a 6.9.355 SP1 de Symantec permite a usuarios locales obtener privilegios de SYSTEM y ejecutar comandos de su elección a través un tipo de ataque "Shatter" en el botón oculto del interfaz gráfico "command prompt" para (1) sobreescribir el parámetro CommandLine a cmd.exe para usar privilegios de SYSTEM y (2) modificar la DLL que es cargada usando la función de la API LoadLibrary. • https://github.com/alt3kx/CVE-2008-6827 http://marc.info/?l=bugtraq&m=122460544316205&w=2 http://osvdb.org/49426 http://secunia.com/advisories/31773 http://www.insomniasec.com/advisories/ISVA-081020.1.htm http://www.securityfocus.com/bid/31766 http://www.securitytracker.com/id?1021071 http://www.symantec.com/avcenter/security/Content/2008.10.20a.html http://www.vupen.com/english/advisories/2008/2876 https://exchange.xforce.ibmcloud.com/vulnerabilities/46006 • CWE-306: Missing Authentication for Critical Function •