My Security Planet » sirdarckcat » Symantec Altiris Deployment Solution < 6.9.176 Multiple Vulnerabilities

Feeds

13620 items (0 unread) in 75 feeds

• Jeremy Zawodny's blog
• Mozilla Webdev
• Transcendental Technical Travails
• Ian Bicking: a blog
• Hackosis

WebSecurity

• Watchfire Application Security Insider
• BlogSecurity
• sirdarckcat
• Google Online Security Blog
• CGISecurity.com: Your Web Site and Application Security Resource
• Switch/Twitch
• mybeNi websecurity
• cat slave diary
• SecuriTeam Blogs
• Curiouser and Curiouser
• Alex's Corner
• Billy (BK) Rios
• Chris Shiflett
• christian's weblog
• funkatron.com
• GNUCITIZEN
• The Spanner
• hackademix.net
• Ruby on Rails Security Project
• It's a shampoo world anyway
• Web Security Blog
• ha.ckers.org web application security lab
• Yet Another Infosec Blog
• PHP Security Blog
• Security Thoughts
• Sunnet Beskerming Security Advisories
• Disenchant's Blog
• Sylvan von Stuppe
• Larholm.com
• The Turkey Curse
• Jeremiah Grossman
• Anurag Agarwal - Application Security Evangelist
• Ivan Ristic
• deep inside | security & tools
• omg.wtf.bbq.
• BlueHat Security Briefings
• Tactical Web Application Security
• .:Computer Defense:.

Security

• tssci security
• Plynt Penetration Testing Blog
• Michael Howard's Web Log
• Security Retentive
• BindShell.Net
• Dominic White's .tHE pRODUCT
• SecurityFocus News
• Justice League
• Schneier on Security
• Rational Survivability
• terminal23
• 1 Raindrop
• hiredhacker.com
• Matasano Chargen
• Security Vulnerability Research & Defense
• Michael on Security - Musings on Information Security
• Fortify blog
• The Art of Software Security Assessment
• GDS Security Blog
• Vodun.org
• Robert Penz Blog
• Mark Curphey - SecurityBuddha.com
• Liminal states
• Security Ripcord
• ModSecurity Blog
• IBM Internet Security Systems Frequency X Blog
• Suspekt...
• extern blog SensePost;
• Zero in a bit

SEO

• SEO BlackHat: Black Hat SEO Blog
• busin3ss.name

Tools

• Opensourcetesting.org News

sirdarckcat

• 

  Symantec Altiris Deployment Solution < 6.9.176 Multiple Vulnerabilities

  Posted: September 29th, 2008, 12:16pm CDT by sirdarckcat

  Tags:  symantec   [edit]

  Ok so, this isn't the normal type of vulnerabilities I post here (I'm mostly a webappsec guy), but well, I discovered this elevation of privileges on this product of Symantec (Altiris Deployment Solution), and it was fixed a while ago, but I hadn't the chance to post about it.
  
  This was researched with Alex Hernandez from sybsecurity.com and from elhacker.net.
  
  The document explaining the vulnerabilities is here.
  
  And the exploit for the elevation of privileges is here.
  
  This was reported to Symantec ( secure@symantec.com ), and they had a very quick and fluent communication with us, they responded fast whenever we asked for information, or had any doubts. The follow-up of this vulnerability has been tracked until today, and so the security team of Symantec is the best one we've met.
  
  Symantec released an advisory here:
  [www.symantec.com]
  
  Sybsecurity released another one here:
  [www.sybsecurity.com]
  
  Greetings!! sirdarckcat