CVE-2010-0109
https://notcve.org/view.php?id=CVE-2010-0109
DBManager in Symantec Altiris Deployment Solution 6.9.x before DS 6.9 SP4 allows remote attackers to cause a denial of service via a crafted request. DBManager en Symantec Altiris Deployment Solution en versiones 6.9.x anteriores a DS 6.9 SP4 permite que los atacantes remotos provoquen una denegación de servicio (DoS) mediante una petición manipulada. • http://www.securityfocus.com/bid/38410 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20100420_00 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-5689 – Symantec Ghost Out-Of-Bounds Indexing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-5689
ghostexp.exe in Ghost Explorer Utility in Symantec Ghost Solutions Suite (GSS) before 3.0 HF2 12.0.0.8010 and Symantec Deployment Solution (DS) before 7.6 HF4 12.0.0.7045 performs improper sign-extend operations before array-element accesses, which allows remote attackers to execute arbitrary code, cause a denial of service (application crash), or possibly obtain sensitive information via a crafted Ghost image. Vulnerabilidad en ghostexp.exe en Ghost Explorer Utility en Symantec Ghost Solutions Suite (GSS) en versiones anteriores a 3.0 HF2 12.0.0.8010 y Symantec Deployment Solution (DS) en versiones anteriores a 7.6 HF4 12.0.0.7045, realiza una operación de extensión de signo indebida antes de los accesos a los elementos del array, lo que permite a atacantes remotos ejecutar código arbitrario, causar una denegación de servicio (caída de la aplicación) o posiblemente obtener información sensible a través de una imagen Ghost manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Ghost. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Ghost images. The issue lies in sign-extending byte values from an array before using them as an index into an array, allowing for out-of-bounds access. • http://www.securityfocus.com/bid/76498 http://www.securitytracker.com/id/1033577 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150902_00 http://zerodayinitiative.com/advisories/ZDI-15-419 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-7286 – Symantec Altiris Agent 6.9 (Build 648) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-7286
Buffer overflow in AClient in Symantec Deployment Solution 6.9 and earlier on Windows XP and Server 2003 allows local users to gain privileges via unspecified vectors. Desbordamiento de buffer en AClient en Symantec Deployment Solution 6.9 y anteriores en Windows XP y Server 2003 permite a usuarios locales obtener privilegios a través de vectores sin especificar. • https://www.exploit-db.com/exploits/35964 http://www.securityfocus.com/bid/71727 http://www.securitytracker.com/id/1031421 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141219_00 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-0292 – pcAnywhere 12.5.0 build 463 - Denial of Service
https://notcve.org/view.php?id=CVE-2012-0292
The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allows remote attackers to cause a denial of service (daemon crash) via a crafted TCP session on port 5631. El servicio awhost32 en Symantec pcAnywhere hasta v12.5.3, Altiris IT Management Suite pcAnywhere Solution v7.0 (también conocido como v12.5.x) y v7.1 (también conocido como v12.6.x), Altiris Client Management Suite pcAnywhere Solution v7.0 (también conocido como v12.5.x) y v7.1 (también conocido como v12.6.x), y Altiris Deployment Solution Remote pcAnywhere Solution v7.1 (también conocido como v12.5.x and v12.6.x), permiten a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de una sesión TCP modificada en el puerto 5631. • https://www.exploit-db.com/exploits/18493 http://secunia.com/advisories/48092 http://www.exploit-db.com/exploits/18493 http://www.securityfocus.com/bid/52094 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120301_00 • CWE-20: Improper Input Validation •
CVE-2012-0291
https://notcve.org/view.php?id=CVE-2012-0291
Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allow remote attackers to cause a denial of service (application crash or hang) via (1) malformed data from a client, (2) malformed data from a server, or (3) an invalid response. Symantec pcAnywhere hasta la v12.5.3, Altiris IT Management Suite pcAnywhere Solution v7.0 (también conocido como v12.5.x) y v7.1 (ó v12.6.x), Altiris Altiris Client Management Suite pcAnywhere Solution v7.0 (también conocido como v12.5.x) y v7.1 (ó v12.6.x) y Altiris Deployment Solution Remote pcAnywhere Solution v7.1 (también conocido como v12.5.x y v12.6.x) permiten a atacantes remotos provocar una denegación de servicio (caída o bloqueo de la aplicación) a través de (1) datos con formato incorrecto de un cliente, (2) de datos con formato incorrecto de un servidor, o (3) una respuesta no válida. • http://secunia.com/advisories/48092 http://www.securityfocus.com/bid/51965 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00 • CWE-20: Improper Input Validation •