ISVA-080516.1.txt

ISVA-080516.1.txt: Posted May 20, 2008; Authored by Brett Moore | Site insomniasec.com; Insomnia Security Vulnerability Advisory - Altiris deployment solution listens for connections from the Altiris client on port 402. It is possible to make a request that will result in the exploitation of a SQL Injection vulnerability. This leads to database access under the context of the Deployment server, which typically then allows, command execution under the context of the SQL Server. Versions 6.8.x and 6.9.x are affected.; tags | advisory, sql injection; SHA-256 | 326d2fd0343a50acde785461329cd29f99ec31a55cf0fdeda6e4172d09fb8bbf; Download | Favorite | View

ISVA-080516.1.txt

__________________________________________________________________

 Insomnia Security Vulnerability Advisory: ISVA-080516.1
___________________________________________________________________

 Name: Altiris Deployment Solution - SQL Injection
 Released: 16 May 2008
  
 Vendor Link: 
    https://www.altiris.com/
  
 Affected Products:
    Altiris Deployment Solution 6.8.x & 6.9.x
 
 Original Advisory: 
    https://www.insomniasec.com/advisories/ISVA-080516.1.htm
 
 Researcher: 
    Brett Moore, Insomnia Security
    https://www.insomniasec.com
___________________________________________________________________

_______________

 Description
_______________

Altiris deployment solution is a suite installed to manage the 
configuration and operation of machines on the network. SQL Server 
is used as the backend database. 

Altiris deployment solution listens for connections from the Altiris
client on port 402. It is possible to make a request that will 
result in the exploitation of a SQL Injection vulnerability. This 
leads to database access under the context of the Deployment server,
which typically then allows, command execution under the context of 
the SQL Server.

Note that through access to the SQL server, it is possible to take 
control of all clients managed by the server.
_______________

 Details
_______________

When a client machine that is running Altiris client 'comes alive'
it makes contact with the Deployment server and sends a 
notification packet to alert the server that the client machine 
is available. 

This packet is an ASCII based packet with a terminating NULL 
character.

At least two of the strings contained in this packet can be used 
to inject arbitrary SQL syntax into a SQL call, resulting in 
SQL injection.

_______________

 Solution
_______________

Symantec have released a security update to address this issue;
https://www.symantec.com/avcenter/security/Content/2008.05.14a.html

_______________

 Legals
_______________

The information is provided for research and educational purposes
only. Insomnia Security accepts no liability in any form whatsoever
for any direct or indirect damages associated with the use of this
information.

___________________________________________________________________
 
Insomnia Security Vulnerability Advisory: ISVA-080516.1
___________________________________________________________________

Top Authors In Last 30 Days

Red Hat 228 files
indoushka 168 files
Jay Turla 150 files
Ubuntu 69 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,125)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,587)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,263)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,845)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,856)
UNIX (9,457)
UnixWare (188)
Windows (6,772)
Other

ISVA-080516.1.txt

ISVA-080516.1.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

ISVA-080516.1.txt

Share This

ISVA-080516.1.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems