OSVDB ID: 15897

Title: Altiris Deployment Solution AClient System Tray Icon Privilege Escalation

Info

Disclosure

Nov 19, 2004

Discovery

Unknown

Dates

Exploit

Nov 19, 2004

Solution

Unknown

Description

Deployment Solution contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a user activates the client interface by launching the software from an icon in the Windows system tray and uses it to launch an arbitrary program. This will cause the program to run with the same privileges as the Altiris client allowing local privilege escalation.

Classification

Location: Local Access Required
Attack Type: Misconfiguration
Impact: Loss of Integrity
Exploit: Exploit Public

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Altris	Deployment Solution	5.6 SP1 (Hotfix E)
		5.6 SP1
		5.6.181

References

Security Tracker: 1012271
Bugtraq ID: 11709
Secunia Advisory ID: 13265 15159
Related OSVDB ID: 15896
ISS X-Force ID: 18189
CVE ID: 2005-1590 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-11/0253.html
http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0614.html
Vendor URL: http://www.altiris.com/

Credit

RedTeam Pentesting - RedTeam Pentesting

Direct URL: http://osvdb.org/15897

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Altris

Deployment Solution

References

Credit