Vulnerability Name:

CVE-2008-2289 (CCN-42440)

Assigned:2008-05-14
Published:2008-05-14
Updated:2017-08-08
Summary:Unspecified vulnerability in a tooltip element in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.9 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.9 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-264
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2008-2289

Source: CCN
Type: HP Security Bulletin HPSBMA02369 SSRT080115 rev.1
HP ProLiant Essentials Rapid Deployment Pack (RDP) Running Symantec Altiris Deployment Solution, Remote SQL Injection, Remote or Local Gain Extended Privileges, Local Denial of Service (DoS)

Source: HP
Type: UNKNOWN
SSRT080115

Source: CCN
Type: SA30261
Symantec Altiris Deployment Solution Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
30261

Source: CCN
Type: SYM008-012
Altiris Deployment Solution Multiple Vulnerabilities

Source: CCN
Type: SECTRACK ID: 1020024
Symantec Altiris Deployment Solution Lets Remote Users Inject SQL Commands and Local Users Obtain Elevated Privileges

Source: CCN
Type: OSVDB ID: 45316
Symantec Altiris Deployment Solution tooltip Privilege Escalation

Source: BID
Type: UNKNOWN
29218

Source: CCN
Type: BID-29218
Symantec Altiris Deployment Solution Tooltip Local Privilege Escalation Vulnerability

Source: SECTRACK
Type: UNKNOWN
1020024

Source: CONFIRM
Type: UNKNOWN
http://www.symantec.com/avcenter/security/Content/2008.05.14a.html

Source: VUPEN
Type: UNKNOWN
ADV-2008-1542

Source: XF
Type: UNKNOWN
symantec-altiris-tooltip-priv-escalation(42440)

Source: XF
Type: UNKNOWN
symantec-altiris-tooltip-priv-escalation(42440)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:symantec:altiris_deployment_solution:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_deployment_solution:6.5.248:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_deployment_solution:6.5.299:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_deployment_solution:6.8:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_deployment_solution:6.8.378:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_deployment_solution:6.8.380.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_deployment_solution:6.8_sp1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_deployment_solution:6.8_sp2:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_deployment_solution:6.9.164:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:symantec:altiris_deployment_solution:6.8:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_deployment_solution:6.5.248:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_deployment_solution:6.5.299:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_deployment_solution:6.8:sp2:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    symantec altiris deployment solution 6.0
    symantec altiris deployment solution 6.5.248
    symantec altiris deployment solution 6.5.299
    symantec altiris deployment solution 6.8
    symantec altiris deployment solution 6.8.378
    symantec altiris deployment solution 6.8.380.0
    symantec altiris deployment solution 6.8_sp1
    symantec altiris deployment solution 6.8_sp2
    symantec altiris deployment solution 6.9
    symantec altiris deployment solution 6.9.164
    symantec altiris deployment solution 6.8
    symantec altiris deployment solution 6.9
    symantec altiris deployment solution 6.5.248
    symantec altiris deployment solution 6.5.299
    symantec altiris deployment solution 6.8 sp2