Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 installs a client executable with insecure permissions (Everyone:Full Control), which allows local users to gain privileges by replacing the executable with a Trojan horse program.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Symantec Altiris Deployment Solution Aclient本地权限提升漏洞
Vulnerability Description
Symantec Altiris Deployment Solution是自动化的操作系统部署解决方案,用于从统一的位置部署和管理服务器、桌面和笔记本等。 Altiris Deployment Solution是的Aclient GUI没有充分的防范非授权访问。尽管安装目录是受保护的,Everyone用户组默认对客户端可执行程序都拥有完全控制,非特权用户可以利用Everyone用户组访问恶意修改客户端。 GUI二进制程序默认以登录用户权限运行,如果其他特权用户登录到了客户端,就可能导致权限提升或入侵客户端
CVSS Information
N/A
Vulnerability Type
N/A