[SA12944] Altiris Deployment Solution Missing Server Authentication Security Issue
Secunia Security Advisories
sec-adv at secunia.com
Tue Oct 26 00:32:28 CEST 2004
TITLE:
Altiris Deployment Solution Missing Server Authentication Security
Issue
SECUNIA ADVISORY ID:
SA12944
VERIFY ADVISORY:
http://secunia.com/advisories/12944/
CRITICAL:
Moderately critical
IMPACT:
System access
WHERE:
From local network
SOFTWARE:
Altiris Deployment Solution 6.x
http://secunia.com/product/4070/
Altiris Deployment Solution 5.x
http://secunia.com/product/4142/
DESCRIPTION:
Brian Gallagher has reported a security issue in Altiris Deployment
Solution, which potentially can be exploited by malicious people to
compromise certain systems.
The problem is that the Altiris Deployment Solution client agents
don't verify the authenticity of the Altiris Deployment Solution
server system. This can be exploited by malicious people to install
and execute arbitrary code on client systems by running a rogue
Altiris Deployment Solution server system on the local network.
The security issue has been reported in versions 5.x and 6.1sp1 and
prior.
SOLUTION:
There is no proper solution.
The exposure can be limited by configuring the client to use a fixed
IP address for the Altiris Deployment Solution server system, instead
of relying on multicast to locate it.
PROVIDED AND/OR DISCOVERED BY:
Brian Gallagher
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------