CVE Vulnerability

CVE-2008-1754

Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory, which allows local users to obtain sensitive information by dumping the AClient.exe process memory.

1.7 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

References
Link Resource
http://securityresponse.symantec.com/avcenter/security/Content/2008.04.10.html Patch
http://www.securityfocus.com/bid/28707
http://www.securitytracker.com/id?1019825
http://secunia.com/advisories/29771 Vendor Advisory
http://www.osvdb.org/44388
http://www.vupen.com/english/advisories/2008/1197/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41771
Configurations

Configuration 1

cpe:2.3:a:symantec:altiris_deployment_solution:6.8:sp1:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.8.380:*:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:*:sp2:*:*:*:*:*:*
Information

Published : 2008-04-11 09:05

Updated : 2017-08-08 01:30

NVD link : CVE-2008-1754

Mitre link : CVE-2008-1754

Products Affected

Altiris Deployment Solution

Symantec

CWE
CWE-310