Intrusion Prevention

Symantec.Altiris.Deployment.SQL.Injection

Description

This indicates an attempt to exploit an SQL-injection vulnerability in Symantec Altiris Deployment Solution.
This vulnerability is caused by the application's failure to sufficiently sanitize user-supplied input. A remote attacker may exploit this to execute arbitrary code with SYSTEM-level privileges.

Affected Products

Symantec Altiris Deployment Solution 6.8.x & 6.9.x
All builds prior to 6.9.176

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Update to version Symantec Altiris Deployment Solution 6.9.176 available at http://www.symantec.com/avcenter/security/Content/2008.05.14a.html

CVE References

CVE-2008-2286