Reed Arvin has reported a vulnerability in Altiris Deployment Solution, which can be exploited by malicious, local users to bypass certain security restrictions.
The vulnerability is caused due to an error in Altiris Client Service for Windows (ACLIENT.EXE) making it possible to bypass the password restriction and gain access to the "Altiris Client Service Properties" window without supplying a valid password.
The vulnerability has been confirmed in Altiris Client Service for Windows version 6.1.393. Other versions may also be affected.
SOFTWARE:
Altiris Deployment Solution 6.x
SOLUTION:
Grant only trusted users access to affected systems.
VERIFY ADVISORY:
http://secunia.com/advisories/15159/
Secunia Security Advisories
http://community.securityteam.us/article.php/20050505090020382