Vulnerability Name:

CVE-2008-6827 (CCN-46006)

Assigned:2008-10-20
Published:2008-10-20
Updated:2017-08-17
Summary:The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
5.0 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-264
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2008-6827

Source: BUGTRAQ
Type: UNKNOWN
20081020 Insomnia : ISVA-081020.1 - Altiris Deployment Server Agent - Privilege Escalation

Source: OSVDB
Type: UNKNOWN
49426

Source: CCN
Type: SA31773
Symantec Altiris Deployment Solution Privilege Escalation

Source: SECUNIA
Type: Vendor Advisory
31773

Source: CCN
Type: SECTRACK ID: 1021071
Symantec Altiris Deployment Solution Client GUI Lets Local Users Gain Elevated Privileges

Source: CCN
Type: Insomnia Security Vulnerability Advisory: ISVA-081020.1
Altiris Deployment Server Agent - Privilege Escalation

Source: MISC
Type: Patch
http://www.insomniasec.com/advisories/ISVA-081020.1.htm

Source: CCN
Type: OSVDB ID: 49426
Symantec Altiris Deployment Solution AClient GUI Local Privilege Escalation

Source: BID
Type: UNKNOWN
31766

Source: CCN
Type: BID-31766
Symantec Altiris Deployment Solution Client User Interface Local Privilege Escalation Vulnerability

Source: SECTRACK
Type: UNKNOWN
1021071

Source: CCN
Type: SYM08-019
Symantec Altiris Deployment Solution Local Access Elevation of Privilege in Client GUI

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.symantec.com/avcenter/security/Content/2008.10.20a.html

Source: VUPEN
Type: Patch, Vendor Advisory
ADV-2008-2876

Source: XF
Type: UNKNOWN
symantec-ads-clientgui-privilege-escalation(46006)

Source: XF
Type: UNKNOWN
symantec-ads-clientgui-command-execution(46006)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:symantec:altiris_deployment_solution:6:sp1:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_deployment_solution:6:sp2:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_deployment_solution:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_deployment_solution:6.5.248:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_deployment_solution:6.5.299:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_deployment_solution:6.8:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_deployment_solution:6.8:sp1:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_deployment_solution:6.8:sp2:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_deployment_solution:6.8.282:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_deployment_solution:6.8.378:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_deployment_solution:6.8.380.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_deployment_solution:6.8_sp1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_deployment_solution:6.8_sp2:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_deployment_solution:6.9.164:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_notification_server:*:*:*:*:*:*:*:* (Version <= 6.9.176)

    • Configuration CCN 1:
  • cpe:/a:symantec:altiris_deployment_solution:6.8:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_deployment_solution:6.8:sp2:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_deployment_solution:6.8:sp1:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_deployment_solution:6.8.380:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_deployment_solution:6:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_deployment_solution:6.9.355:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_deployment_solution:6.9.176:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:altiris_deployment_solution:6.9.164:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    symantec altiris deployment solution 6 sp1
    symantec altiris deployment solution 6 sp2
    symantec altiris deployment solution 6.0
    symantec altiris deployment solution 6.5.248
    symantec altiris deployment solution 6.5.299
    symantec altiris deployment solution 6.8
    symantec altiris deployment solution 6.8 sp1
    symantec altiris deployment solution 6.8 sp2
    symantec altiris deployment solution 6.8.282
    symantec altiris deployment solution 6.8.378
    symantec altiris deployment solution 6.8.380.0
    symantec altiris deployment solution 6.8_sp1
    symantec altiris deployment solution 6.8_sp2
    symantec altiris deployment solution 6.9
    symantec altiris deployment solution 6.9.164
    symantec altiris notification server *
    symantec altiris deployment solution 6.8
    symantec altiris deployment solution 6.9
    symantec altiris deployment solution 6.8 sp2
    symantec altiris deployment solution 6.8 sp1
    symantec altiris deployment solution 6.8.380
    symantec altiris deployment solution 6
    symantec altiris deployment solution 6.9.355
    symantec altiris deployment solution 6.9.176
    symantec altiris deployment solution 6.9.164