Symantec It Management Suite
Monthly
Local privilege escalation via a misconfigured WMI provider in Broadcom's Symantec IT Management Suite (Altiris) exposes SYSTEM-readable files to any local standard user. The AltirisAgent_Stream WMI class fails to re-impersonate the calling user when servicing queries, reverting to the LocalSystem context instead - allowing unprivileged local users to bypass filesystem ACLs and read files that are restricted to SYSTEM or Administrator accounts, including configuration files, service logs, and stored secrets. No public exploit has been identified at time of analysis, though the technique is mechanically straightforward for any authenticated local user; the Broadcom advisory (SA 37995) is the authoritative disclosure source.
Local privilege escalation via a misconfigured WMI provider in Broadcom's Symantec IT Management Suite (Altiris) exposes SYSTEM-readable files to any local standard user. The AltirisAgent_Stream WMI class fails to re-impersonate the calling user when servicing queries, reverting to the LocalSystem context instead - allowing unprivileged local users to bypass filesystem ACLs and read files that are restricted to SYSTEM or Administrator accounts, including configuration files, service logs, and stored secrets. No public exploit has been identified at time of analysis, though the technique is mechanically straightforward for any authenticated local user; the Broadcom advisory (SA 37995) is the authoritative disclosure source.