CVE-2008-1754

Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory, which allows local users to obtain sensitive information by dumping the AClient.exe process memory.

CVSS v2.0 1.7 LOW

1.7^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 3.1 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://securityresponse.symantec.com/avcenter/security/Content/2008.04.10.html	Patch
http://www.securityfocus.com/bid/28707
http://www.securitytracker.com/id?1019825
http://secunia.com/advisories/29771	Vendor Advisory
http://www.osvdb.org/44388
http://www.vupen.com/english/advisories/2008/1197/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41771

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:symantec:altiris_deployment_solution:6.8:sp1::::::
	cpe:2.3:a:symantec:altiris_deployment_solution::sp2::::::*
	cpe:2.3:a:symantec:altiris_deployment_solution:6.8.380:::::::*

Information

Published : 2008-04-11 14:05

Updated : 2017-08-07 18:30

NVD link : CVE-2008-1754

Mitre link : CVE-2008-1754

JSON object : View

CWE

CWE-310

Cryptographic Issues

Advertisement

Products Affected

symantec

altiris_deployment_solution

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.10.html", "name": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.10.html", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/28707", "name": "28707", "tags": [], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id?1019825", "name": "1019825", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/29771", "name": "29771", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/44388", "name": "44388", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2008/1197/references", "name": "ADV-2008-1197", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41771", "name": "altiris-agent-aclient-info-disclosure(41771)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory, which allows local users to obtain sensitive information by dumping the AClient.exe process memory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-310"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-1754", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 1.7, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2008-04-11T21:05Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:symantec:altiris_deployment_solution:6.8:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:altiris_deployment_solution:*:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "6.8"}, {"cpe23Uri": "cpe:2.3:a:symantec:altiris_deployment_solution:6.8.380:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-08T01:30Z"}