VULHUB ™

Altiris Deployment Server is reported vulnerable to a remote command execution vulnerability in the client portion of the software. This is due to a failure of the application to properly authenticate that commands originate from an authorized server. This vulnerability allows attackers with local access to a network to impersonate a valid deployment server and issue arbitrary commands to the client computers. Update: It is also reported that this issue can allow remote attackers to gain control of a vulnerable computer through the Altiris remote control feature. It is conjectured that this may allow the attacker to completely compromise the affected computer.

Altiris Deployment Server is reported vulnerable to a remote command execution vulnerability in the client portion of the software. This is due to a failure of the application to properly authenticate that commands originate from an authorized server. This vulnerability allows attackers with local access to a network to impersonate a valid deployment server and issue arbitrary commands to the client computers. Update: It is also reported that this issue can allow remote attackers to gain control of a vulnerable computer through the Altiris remote control feature. It is conjectured that this may allow the attacker to completely compromise the affected computer.