Vulnerability Bulletins |
Ejecución de código arbitrario en Symantec Altiris Deployment |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Oficial |
Impact | Obtener acceso |
Dificulty | Experto |
Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
Property | Value |
Affected manufacturer | Comercial Software |
Affected software |
Symantec Altiris Notification Server (NS) 6.0 < R12 Symantec Deployment Server 6.8 y 6.9 in Symantec Altiris Deployment Solution 6.9 SP3 Symantec Management Platform (SMP) 7.0 < SP3 |
Description |
|
Se ha descubierto una vulnerabilidad en Symantec Altiris Deployment. La vulnerabilidad reside en un error en la función "BrowseAndSaveFile" en Altiris eXpress NS ConsoleUtilities. Un atacante remoto podría ejecutar código arbitrario mediante una cadena de caracteres larga en el segundo parámetro de la función. |
|
Solution |
|
Actualización de software Symantec Symantec Altiris Deployment Solution 6.9 SP1 Symantec Altiris Deployment Solution 6.9 Symantec Altiris Deployment Solution 6.9 SP3 Build 430 Symantec Altiris Deployment Solution 6.9.164 Symantec Altiris Deployment Solution 6.9.176 Symantec Altiris Deployment Solution 6.9.355 Symantec Altiris Deployment Solution 6.9.355 SP1 https://kb.altiris.com/utility/getfile.asp?rid=6364&aid=49568 http://kb.altiris.com/ |
|
Standar resources |
|
Property | Value |
CVE | CVE-2009-3031 |
BID | 36698 |
Other resources |
|
Symantec Security Advisory (SYM09-015) http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091102_00 |
Version history |
||
Version | Comments | Date |
1.0 | Aviso emitido | 2009-11-13 |