Symantec's Altiris Deployment Solution is susceptible to a denial of service which can temporarily halt deployment solution activity. An attacker would need to be on the network segment to effectively implement the denial of service.
Product
|
Version
|
Build
|
Solution(s)
—|—|—|—
Symantec Altiris Deployment Solution
|
6.9.x
|
All
|
Severity
Medium
Remote Access
|
Yes (adjacent network)
—|—
Local Access
|
No
Authentication Required
|
No
Exploit publicly available
|
No
Details
Symantec is aware of the public release of information concerning a denial of service attack against the Symantec Altiris Deployment Solution. An attacker with access to the local network and working knowledge of Symantec Altiris Deployment Solution request formats could potentially pass specially crafted requests to the dbmanager.exe listening port. Successful exploitation would result in dereferencing invalid memory causing the targeted Deployment Solution application to crash. Such a crash would temporarily halt deployment solution tasks until a restart is initiated.
Symantec Response
Symantec engineers have verified this finding and released updates to resolve this issue. Symantec is not aware of any customer impact from this issue.
Symantec Deployment Solution SP4 is currently available for update through the FileConnect -Electronic Software Distribution web site.
Mitigations
Symantec Security Response has released IPS signature,
23661 - TCP Symantec Altiris DBManager DOS
that detects and blocks attempts to exploit this issue. Signatures are available through normal Symantec updates.
Best Practices
As part of normal best practices, Symantec strongly recommends:
Security Focus, http://www.securityfocus.com, has assigned Bugtraq ID (BID) 38410 to this issue for inclusion in the SecurityFocus vulnerability database.
This issue is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems. CVE-2010-0109 has been assigned to this issue.