Symantec Altiris Deployment Solution Directory Traversal Vulnerability
BID:26266
Info
Symantec Altiris Deployment Solution Directory Traversal Vulnerability
| Bugtraq ID: | 26266 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-3874 |
| Remote: | No |
| Local: | Yes |
| Published: | Oct 30 2007 12:00AM |
| Updated: | Oct 31 2007 10:56PM |
| Credit: | Manuel Santamarina Suarez is credited with the discovery of this vulnerability. |
| Vulnerable: |
Symantec Altiris Deployment Solution 6.8 SP2 Symantec Altiris Deployment Solution 6.8 SP1 Symantec Altiris Deployment Solution 6.8 Symantec Altiris Deployment Solution 6.0 |
| Not Vulnerable: |
Symantec Altiris Deployment Solution 6.8.380.0 |
Discussion
Symantec Altiris Deployment Solution Directory Traversal Vulnerability
Symantec Altiris Deployment Solution is prone to a directory-traversal vulnerability.
Attackers can exploit this issue to access potentially sensitive information that may aid in further attacks.
Symantec Altiris Deployment Solution is prone to a directory-traversal vulnerability.
Attackers can exploit this issue to access potentially sensitive information that may aid in further attacks.
Exploit / POC
Symantec Altiris Deployment Solution Directory Traversal Vulnerability
Attackers can use the vulnerable application itself to exploit this issue.
Attackers can use the vulnerable application itself to exploit this issue.
Solution / Fix
Symantec Altiris Deployment Solution Directory Traversal Vulnerability
Solution:
The vendor has released an advisory and fixes to address this issue. Please see the references for more information.
Solution:
The vendor has released an advisory and fixes to address this issue. Please see the references for more information.
References
Symantec Altiris Deployment Solution Directory Traversal Vulnerability
References:
References:
- Altiris Home Page (Altiris)
- iDefense Security Advisory 10.31.07: Symantec Altiris Deployment Solution TFTP/M (iDefense Labs
) - SYM07-025: Altiris Deployment Solution Directory Traversal (Symantec)