CVE-2008-6828 - Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account

CVE-2008-6828

Summary

Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server.

References

Vulnerable Configurations

cpe:2.3:a:symantec:altiris_deployment_solution:6.9.355:-:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.9.355:-:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:-:*:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:-:*:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.8:-:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.8:-:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.8:sp1:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.8:sp1:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.8:sp2:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.8:sp2:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp1:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp1:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp2:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp2:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp3:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp3:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.9.164:*:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.9.164:*:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.9.176:*:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.9.176:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 14-02-2024 - 15:20)
Impact:
Exploitability:

CWE

CWE-312

CAPEC

Retrieve Embedded Sensitive Data
An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.

Access

Vector	Complexity	Authentication
LOCAL	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:S/C:P/I:P/A:P

refmap via4

bid	31767
confirm	http://securityresponse.symantec.com/avcenter/security/Content/2008.10.20b.html
sectrack	1021072
secunia	31773
vupen	ADV-2008-2876
xf	symantec-ads-password-info-disclosure(46007)

Last major update

14-02-2024 - 15:20

Published

08-06-2009 - 19:30

Last modified

14-02-2024 - 15:20