CVE-2008-6828

Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server.
References
Link Resource
http://secunia.com/advisories/31773 Broken Link Vendor Advisory
http://securityresponse.symantec.com/avcenter/security/Content/2008.10.20b.html Broken Link Patch Vendor Advisory
http://www.securityfocus.com/bid/31767 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1021072 Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2008/2876 Broken Link Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/46007 Third Party Advisory VDB Entry
http://secunia.com/advisories/31773 Broken Link Vendor Advisory
http://securityresponse.symantec.com/avcenter/security/Content/2008.10.20b.html Broken Link Patch Vendor Advisory
http://www.securityfocus.com/bid/31767 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1021072 Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2008/2876 Broken Link Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/46007 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:symantec:altiris_deployment_solution:*:*:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.9.355:-:*:*:*:*:*:*

History

21 Nov 2024, 00:57

Type Values Removed Values Added
References () http://secunia.com/advisories/31773 - Broken Link, Vendor Advisory () http://secunia.com/advisories/31773 - Broken Link, Vendor Advisory
References () http://securityresponse.symantec.com/avcenter/security/Content/2008.10.20b.html - Broken Link, Patch, Vendor Advisory () http://securityresponse.symantec.com/avcenter/security/Content/2008.10.20b.html - Broken Link, Patch, Vendor Advisory
References () http://www.securityfocus.com/bid/31767 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/31767 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id?1021072 - Broken Link, Third Party Advisory, VDB Entry () http://www.securitytracker.com/id?1021072 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.vupen.com/english/advisories/2008/2876 - Broken Link, Patch, Vendor Advisory () http://www.vupen.com/english/advisories/2008/2876 - Broken Link, Patch, Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/46007 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/46007 - Third Party Advisory, VDB Entry

14 Feb 2024, 15:20

Type Values Removed Values Added
CWE CWE-310 CWE-312
CPE cpe:2.3:a:symantec:altiris_deployment_solution:6.8:*:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.9.164:*:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.9.176:*:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.8.282:*:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.8.378:*:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6:sp2:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.8:sp1:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.5.299:*:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6:*:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.8.380.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.8:sp2:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.8.380:*:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6:sp1:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.5.248:*:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.9.355:-:*:*:*:*:*:*
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/46007 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/46007 - Third Party Advisory, VDB Entry
References (CONFIRM) http://securityresponse.symantec.com/avcenter/security/Content/2008.10.20b.html - Patch, Vendor Advisory (CONFIRM) http://securityresponse.symantec.com/avcenter/security/Content/2008.10.20b.html - Broken Link, Patch, Vendor Advisory
References (SECUNIA) http://secunia.com/advisories/31773 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/31773 - Broken Link, Vendor Advisory
References (SECTRACK) http://www.securitytracker.com/id?1021072 - (SECTRACK) http://www.securitytracker.com/id?1021072 - Broken Link, Third Party Advisory, VDB Entry
References (VUPEN) http://www.vupen.com/english/advisories/2008/2876 - Patch, Vendor Advisory (VUPEN) http://www.vupen.com/english/advisories/2008/2876 - Broken Link, Patch, Vendor Advisory
References (BID) http://www.securityfocus.com/bid/31767 - (BID) http://www.securityfocus.com/bid/31767 - Broken Link, Third Party Advisory, VDB Entry
CVSS v2 : 4.3
v3 : unknown
v2 : 4.3
v3 : 7.8

Information

Published : 2009-06-08 19:30

Updated : 2024-11-21 00:57


NVD link : CVE-2008-6828

Mitre link : CVE-2008-6828

CVE.ORG link : CVE-2008-6828


JSON object : View

Products Affected

symantec

  • altiris_deployment_solution
CWE
CWE-312

Cleartext Storage of Sensitive Information