Intrusion Prevention

Symantec.Altiris.DS.SQL.Injection

Description

This indicates an attack attempt to exploit a Code Injection Vulnerability in Symantec Altiris Deployment Solution.
The vulnerability is due to an input validation error while parsing request in the vulnerable module. A remote attacker could exploit this to execute arbitrary code execution within the context of the application, via a crafted request.

Affected Products

Symantec Altiris Deployment Solution 6.9.164
Symantec Altiris Deployment Solution 6.9
Symantec Altiris Deployment Solution 6.8.380.0
Symantec Altiris Deployment Solution 6.8 SP2
Symantec Altiris Deployment Solution 6.8 SP1
Symantec Altiris Deployment Solution 6.8

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
http://www.symantec.com/avcenter/security/Content/2008.05.14a.html

CVE References

CVE-2008-2286