CVE-2008-2291 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2008-2291?

CVE-2008-2291 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2008-2291?

Check the references section above for vendor advisories and patch information. Affected products include: Symantec Altiris Deployment Solution.

Vulnerability Description

axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 generates credentials with a fixed salt or without any salt, which makes it easier for remote attackers to guess encrypted domain credentials.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Symantec	Altiris Deployment Solution	>= 6.9, < 6.9.176

Related Weaknesses (CWE)

CWE-255

References

http://marc.info/?l=bugtraq&m=122167472229965&w=2Mailing ListThird Party Advisory
http://secunia.com/advisories/30261Third Party Advisory
http://www.insomniasec.com/advisories/ISVA-080516.2.htmThird Party Advisory
http://www.securityfocus.com/archive/1/492128/100/0/threadedThird Party AdvisoryVDB Entry
http://www.securityfocus.com/archive/1/492228/100/0/threadedThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/29199Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id?1020024Third Party AdvisoryVDB Entry
http://www.symantec.com/avcenter/security/Content/2008.05.14a.htmlPatchVendor Advisory
http://www.vupen.com/english/advisories/2008/1542/referencesThird Party Advisory
http://www.zerodayinitiative.com/advisories/ZDI-08-025/Third Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/42437Third Party AdvisoryVDB Entry
http://marc.info/?l=bugtraq&m=122167472229965&w=2Mailing ListThird Party Advisory
http://secunia.com/advisories/30261Third Party Advisory
http://www.insomniasec.com/advisories/ISVA-080516.2.htmThird Party Advisory
http://www.securityfocus.com/archive/1/492128/100/0/threadedThird Party AdvisoryVDB Entry

FAQ

What is CVE-2008-2291?

CVE-2008-2291 is a vulnerability with a CVSS score of 7.5 (HIGH). axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 generates credentials with a fixed salt or without any salt, which makes it easier for remote attackers to guess enc...

How severe is CVE-2008-2291?

CVE-2008-2291 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-2291?

Check the references section above for vendor advisories and patch information. Affected products include: Symantec Altiris Deployment Solution.