CVE-2008-6827
First published: Mon Jun 08 2009(Updated: )
The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec Deployment Solution | >=6.0<6.9.355 | |
| Symantec Deployment Solution | =6.9.355 | |
| Symantec Deployment Solution | =6.8.282 | |
| Symantec Deployment Solution | =6.8_sp1 | |
| Symantec Altiris Notification Server | <=6.9.176 | |
| Symantec Deployment Solution | =6.5.299 | |
| Symantec Deployment Solution | =6.8-sp2 | |
| Symantec Deployment Solution | =6.9 | |
| Symantec Deployment Solution | =6.8.378 | |
| Symantec Deployment Solution | =6.8.380.0 | |
| Symantec Deployment Solution | =6.8_sp2 | |
| Symantec Deployment Solution | =6.9.164 | |
| Symantec Deployment Solution | =6-sp1 | |
| Symantec Deployment Solution | =6.5.248 | |
| Symantec Deployment Solution | =6-sp2 | |
| Symantec Deployment Solution | =6.0 | |
| Symantec Deployment Solution | =6.8-sp1 | |
| Symantec Deployment Solution | =6.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securitytracker.com/id?1021071
- http://osvdb.org/49426
- http://www.securityfocus.com/bid/31766
- http://marc.info/?l=bugtraq&m=122460544316205&w=2
- http://www.insomniasec.com/advisories/ISVA-081020.1.htm
- http://www.vupen.com/english/advisories/2008/2876
- http://www.symantec.com/avcenter/security/Content/2008.10.20a.html
- http://secunia.com/advisories/31773
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46006
Frequently Asked Questions
What is the severity of CVE-2008-6827?
CVE-2008-6827 has a high severity rating due to the potential for local users to gain SYSTEM privileges.
How do I fix CVE-2008-6827?
To fix CVE-2008-6827, upgrade your Symantec Altiris Deployment Solution to version 6.9.355 SP1 or later.
Which versions of Symantec Altiris are affected by CVE-2008-6827?
CVE-2008-6827 affects various versions of Symantec Altiris Deployment Solution including 6.0 through 6.9.355.
What type of attack does CVE-2008-6827 exploit?
CVE-2008-6827 exploits a vulnerability that allows a 'Shatter' style attack on the ListView control in the Client GUI.
Can CVE-2008-6827 be exploited remotely?
No, CVE-2008-6827 can only be exploited by local users who have access to the system.
- agent/type
- agent/severity
- agent/description
- agent/remedy
- agent/weakness
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- vendor/symantec
- canonical/symantec deployment solution
- version/symantec deployment solution/6.0
- version/symantec deployment solution/6.9.355
- version/symantec deployment solution/6.8.282
- version/symantec deployment solution/6.8_sp1
- canonical/symantec altiris notification server
- version/symantec altiris notification server/6.9.176
- version/symantec deployment solution/6.5.299
- version/symantec deployment solution/6.8-sp2
- version/symantec deployment solution/6.9
- version/symantec deployment solution/6.8.378
- version/symantec deployment solution/6.8.380.0
- version/symantec deployment solution/6.8_sp2
- version/symantec deployment solution/6.9.164
- version/symantec deployment solution/6-sp1
- version/symantec deployment solution/6.5.248
- version/symantec deployment solution/6-sp2
- version/symantec deployment solution/6.8-sp1
- version/symantec deployment solution/6.8