=====================================================================
                                   CERT-Renater

                        Information Note No. 2008/VULN456
_____________________________________________________________________

DATE                      : 23/10/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Symantec Altiris Deployment
                                      Solution.

======================================================================
http://securityresponse.symantec.com/avcenter/security/Content/2008.10.20a.html
______________________________________________________________________

   SYM08-019
   October 20, 2008
   Symantec Altiris Deployment Solution Local Access Elevation of
   Privilege in Client GUI

   Revision History
   None

   Severity
   Medium

   Remote Access              No
   Local Access               Yes
   Authentication Required    Yes
   Exploit publicly available No

   Overview
   A local access elevation of privilege issue has been identified and
   resolved in the Symantec Altiris Deployment Solution Client GUI.
   Successful exploitation could result in unauthorized local system
   access on a client system.

   Affected Product(s)

   Product                      Version  Build  Solution(s)
   Altiris Deployment Solution  6.X      All    6.9.355 SP1

   Details
   Brett Moore, Insomnia Security, identified Altiris Deployment
   Solution agents as susceptible to a privilege escalation vulnerability
   taking advantage of Windows messaging to bypass client security
   settings in the Client GUI. Successful exploitation could lead to an
   authorized but non-privileged user potentially leveraging local system
   access on the targeted client system.

   Symantec Response
   Symantec engineers have verified and resolved this issue in Altiris
   Deployment Solution 6.9 SP1. Updates are available as follows:
     * Go to http://www.altiris.com/download.aspx
     * Select either "Deployment Solution for Clients 6.9 SP1" or
       "Deployment Solution for Servers 6.9 SP1" from the drop-down box
     * Accept the "End User License Agreement"
     * Log in to the download site
     * Click on "Download Now" for the appropriate product to download a
       zip file containing the Deployment Solution update.

   Unzip the update package and double-click on the install file. Follow
   the installation instructions.

   Best Practices
   As part of normal best practices, Symantec strongly recommends:
     * Restrict access to administration or management systems to
       privileged users.
     * Restrict remote access, if required, to trusted/authorized systems
       only.
     * Run under the principle of least privilege where possible to limit
       the impact of exploit by threats.
     * Keep all operating systems and applications updated with the
       latest vendor patches.
     * Follow a multi-layered approach to security. Run both firewall and
       anti-malware applications, at a minimum, to provide multiple
       points of detection and protection to both inbound and outbound
       threats.
     * Deploy network and host-based intrusion detection systems to
       monitor network traffic for signs of anomalous or suspicious
       activity. This may aid in detection of attacks or malicious
       activity related to exploitation of latent vulnerabilities.

   References
   SecurityFocus, http://www.securityfocus.com, has assigned a
   Bugtraq ID (BID 31766) to this issue for inclusion in the
   SecurityFocus vulnerability database.

   CVE
   A CVE Candidate name will be requested from the Common Vulnerabilities
   and Exposures (CVE) initiative for this issue. This advisory will be
   revised accordingly upon receipt of the CVE Candidate name. This issue
   is a candidate for inclusion in the CVE list
   (http://cve.mitre.org), which standardizes names for security
   problems.

   Credit
   Symantec would like to thank Brett Moore, Insomnia Security, for
   reporting this issue and providing full coordination while Symantec
   resolved it.
        ___________________________________________________________

   Symantec takes the security and proper functionality of its products
   very seriously. As founding members of the Organization for Internet
   Safety (OISafety), Symantec follows the principles of responsible
   disclosure. Symantec also subscribes to the vulnerability guidelines
   outlined by the National Infrastructure Advisory Council (NIAC).
   Please contact secure@symantec.com if you feel you have discovered
   a potential or actual security issue with a Symantec product. A
   Symantec Product Security team member will contact you regarding your
   submission.

   Symantec has developed a Product Vulnerability Handling Process
   document outlining the process we follow in addressing suspected
   vulnerabilities in our products. We support responsible disclosure of
   all vulnerability information in a timely manner to protect Symantec
   customers and the security of the Internet as a result of
   vulnerability. This document is available from the location provided
   below.

   Symantec strongly recommends using encrypted email for reporting
   vulnerability information to secure@symantec.com. The Symantec
   Product Security PGP key can be obtained from the location provided
   below.
     * Symantec-Product-Vulnerability-Response
     * Symantec Vulnerability Response Policy
     * Symantec Product Vulnerability Management PGP Key
     _________________________________________________________________

   Copyright (c) 2008 by Symantec Corp.
   Permission to redistribute this alert electronically is granted as
   long as it is not edited in any way unless authorized by Symantec
   Security Response. Reprinting the whole or part of this alert in any
   medium other than electronically requires permission from
   secure@symantec.com.

   Disclaimer
   The information in the advisory is believed to be accurate at the time
   of publishing based on currently available information. Use of the
   information constitutes acceptance for use in an AS IS condition.
   There are no warranties with regard to this information. Neither the
   author nor the publisher accepts any liability for any direct,
   indirect, or consequential loss or damage arising from use of, or
   reliance on, this information.

   Symantec, Symantec products, Symantec Security Response, and
   secure@symantec.com are registered trademarks of Symantec Corp.
   and/or affiliated companies in the United States and other countries.
   All other registered and unregistered trademarks represented in this
   document are the sole property of their respective companies/owners.

   Last modified on: Monday, 20-Oct-08 19:26:50


======================================================================

          =========================================================
          CERT-Renater reference servers
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================
