[<prev] [next>] [day] [month] [year] [list]
Message-ID: <001801c8b935$95be2190$c13a64b0$@moore@insomniasec.com>
Date: Mon, 19 May 2008 10:21:51 +1200
From: "Brett Moore" <brett.moore@...omniasec.com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Insomnia : ISVA-080516.2 - Altiris Deployment
Solution - Domain Account Disclosure
__________________________________________________________________
Insomnia Security Vulnerability Advisory: ISVA-080516.2
___________________________________________________________________
Name: Altiris Deployment Solution - Domain Account Disclosure
Released: 16 May 2008
Vendor Link:
http://www.altiris.com/
Affected Products:
Altiris Deployment Solution 6.8.x & 6.9.x
Original Advisory:
http://www.insomniasec.com/advisories/ISVA-080516.2.htm
Researcher:
Brett Moore, Insomnia Security
http://www.insomniasec.com
___________________________________________________________________
_______________
Description
_______________
Altiris deployment solution is a suite installed to manage the
configuration and operation of machines on the network. Part of
the Deployment solution setup involves configuring the domain
accounts to be used to access the various clients for imaging
and configuration jobs.
Altiris deployment solution listens for connections from the
Altiris client on port 402. It is possible to make a request to
this port that will result in the encrypted domain credentials
being returned.
The encryption is not salted or specific to the install, allowing
for offsite decryption of the credentials.
_______________
Details
_______________
The retrieved encrypted credentials can be placed into a local
installation, through direct insertion into the SQL server
database. The GUI can then be used to view the decrypted
credentials.
Alternatively a standalone tool to decrypt the credentials could
easily be written.
_______________
Solution
_______________
Symantec have released a security update to address this issue;
http://www.symantec.com/avcenter/security/Content/2008.05.14a.html
_______________
Legals
_______________
The information is provided for research and educational purposes
only. Insomnia Security accepts no liability in any form whatsoever
for any direct or indirect damages associated with the use of this
information.
___________________________________________________________________
Insomnia Security Vulnerability Advisory: ISVA-080516.2
___________________________________________________________________
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists