Insecure Executable Permissions in Symantec Altiris Deployment Solution
CVE-2009-3108
Currently unrated
Key Information:
- Vendor
Symantec
- Vendor
- CVE Published:
- 8 September 2009
What is CVE-2009-3108?
The Aclient GUI in Symantec Altiris Deployment Solution versions prior to 6.9 SP3 Build 430 installs a client executable with overly permissive access controls, allowing all local users full control. This flaw enables malicious users to replace the executable with a Trojan horse, granting them unauthorized privileges on the system. Organizations using affected versions of the software should take immediate action to mitigate this security risk.