CVE-2008-6827

The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 3.1 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securitytracker.com/id?1021071
http://osvdb.org/49426
http://www.securityfocus.com/bid/31766
http://marc.info/?l=bugtraq&m=122460544316205&w=2
http://www.insomniasec.com/advisories/ISVA-081020.1.htm	Patch
http://www.vupen.com/english/advisories/2008/2876	Patch Vendor Advisory
http://www.symantec.com/avcenter/security/Content/2008.10.20a.html	Patch Vendor Advisory
http://secunia.com/advisories/31773	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/46006

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:symantec:altiris_deployment_solution:6.8.378:::::::*
	cpe:2.3:a:symantec:altiris_deployment_solution:6.5.299:::::::*
	cpe:2.3:a:symantec:altiris_deployment_solution:6.8_sp1:::::::*
	cpe:2.3:a:symantec:altiris_notification_server::::::::
	cpe:2.3:a:symantec:altiris_deployment_solution:6.8:sp2::::::
	cpe:2.3:a:symantec:altiris_deployment_solution:6.8.282:::::::*
	cpe:2.3:a:symantec:altiris_deployment_solution:6.5.248:::::::*
	cpe:2.3:a:symantec:altiris_deployment_solution:6:sp2::::::
	cpe:2.3:a:symantec:altiris_deployment_solution:6.8.380.0:::::::*
	cpe:2.3:a:symantec:altiris_deployment_solution:6.0:::::::*
	cpe:2.3:a:symantec:altiris_deployment_solution:6.9:::::::*
	cpe:2.3:a:symantec:altiris_deployment_solution:6.8_sp2:::::::*
	cpe:2.3:a:symantec:altiris_deployment_solution:6.9.164:::::::*
	cpe:2.3:a:symantec:altiris_deployment_solution:6:sp1::::::
	cpe:2.3:a:symantec:altiris_deployment_solution:6.8:sp1::::::
	cpe:2.3:a:symantec:altiris_deployment_solution:6.8:::::::*

Information

Published : 2009-06-08 12:30

Updated : 2017-08-16 18:29

NVD link : CVE-2008-6827

Mitre link : CVE-2008-6827

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Products Affected

symantec

altiris_notification_server
altiris_deployment_solution

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securitytracker.com/id?1021071", "name": "1021071", "tags": [], "refsource": "SECTRACK"}, {"url": "http://osvdb.org/49426", "name": "49426", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.securityfocus.com/bid/31766", "name": "31766", "tags": [], "refsource": "BID"}, {"url": "http://marc.info/?l=bugtraq&m=122460544316205&w=2", "name": "20081020 Insomnia : ISVA-081020.1 - Altiris Deployment Server Agent - Privilege Escalation", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.insomniasec.com/advisories/ISVA-081020.1.htm", "name": "http://www.insomniasec.com/advisories/ISVA-081020.1.htm", "tags": ["Patch"], "refsource": "MISC"}, {"url": "http://www.vupen.com/english/advisories/2008/2876", "name": "ADV-2008-2876", "tags": ["Patch", "Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://www.symantec.com/avcenter/security/Content/2008.10.20a.html", "name": "http://www.symantec.com/avcenter/security/Content/2008.10.20a.html", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/31773", "name": "31773", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46006", "name": "symantec-ads-clientgui-command-execution(46006)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a \"Shatter\" style attack on the \"command prompt\" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-6827", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "MEDIUM", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 3.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2009-06-08T19:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:symantec:altiris_deployment_solution:6.8.378:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:altiris_deployment_solution:6.5.299:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:altiris_deployment_solution:6.8_sp1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:altiris_notification_server:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "6.9.176"}, {"cpe23Uri": "cpe:2.3:a:symantec:altiris_deployment_solution:6.8:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:altiris_deployment_solution:6.8.282:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:altiris_deployment_solution:6.5.248:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:altiris_deployment_solution:6:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:altiris_deployment_solution:6.8.380.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:altiris_deployment_solution:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:altiris_deployment_solution:6.8_sp2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9.164:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:altiris_deployment_solution:6:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:altiris_deployment_solution:6.8:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:altiris_deployment_solution:6.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-17T01:29Z"}

6.8 /10