CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2009-3178
https://notcve.org/view.php?id=CVE-2009-3178
Unspecified vulnerability in mm.exe in Symantec Altiris Deployment Solution 6.9 allows remote attackers to cause a denial of service via unknown attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.18, "Symantec Altiris Deployment Solution 6.9 DoS." NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Vulnerabilidad no específica en mm.exe en Symantec Altiris Deployment Solution v6.9, permite a atacantes remotos provocar una denegación de servicio a través de vectores de ataque desconocidos, como se demostró por un módulo concreto en VulnDisco Pack Professional v7.18, " Symantec Altiris Deployment Solution 6.9 DoS". NOTA, como en 20090909, de esta información no se tiene información de la acción. • http://intevydis.com/vd-list.shtml http://secunia.com/advisories/36587 http://www.securityfocus.com/bid/36247 •
CVSS: 5.8EPSS: 0%CPEs: 6EXPL: 0CVE-2009-3110
https://notcve.org/view.php?id=CVE-2009-3110
Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does. Condición de carrera en la funcionalidad de transferencia de ficheros en Symantec Altiris Deployment Solution v6.9.x anterior a v6.9 SP3 Build 430, permite a atacantes remotos leer archivos sensibles y prevenir las actualizaciones de los clientes mediante la conexión a un puerto de transferencia antes de que lo haga el autentico cliente. • http://secunia.com/advisories/36502 http://www.securityfocus.com/bid/36113 http://www.securitytracker.com/id?1022779 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2009-3108
https://notcve.org/view.php?id=CVE-2009-3108
The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 installs a client executable with insecure permissions (Everyone:Full Control), which allows local users to gain privileges by replacing the executable with a Trojan horse program. Aclient GUI en Symantec Altiris Deployment Solution v6.9.x anterior v6.9 SP3 Build 430 instala un cliente ejecutable con permisos no seguros (todos: control total), que permite a usuarios locales obtener privilegios y reemplazar el ejecutable con un programa troyano. • http://secunia.com/advisories/36502 http://www.securityfocus.com/bid/36111 http://www.securitytracker.com/id?1022779 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 0CVE-2009-3107
https://notcve.org/view.php?id=CVE-2009-3107
Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service. Symantec Altiris Deployment Solution v6.9.x anterior a v6.9 SP3 Build 430 no restringe el acceso de forma adecuada al puerto de escucha para el servicio DBManager, esto permite a atacantes remotos evitar la autenticación y modificar tareas o la base de datos Altiris mediante una conexión a este servicio. • http://secunia.com/advisories/36502 http://www.securityfocus.com/bid/36110 http://www.securitytracker.com/id?1022779 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00 • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2009-3109
https://notcve.org/view.php?id=CVE-2009-3109
Unspecified vulnerability in the AClient agent in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430, when key-based authentication is being used between a deployment server and a client, allows remote attackers to bypass authentication and execute arbitrary commands as SYSTEM by spoofing the deployment server and sending "alternate commands" before the handshake is completed. Vulnerabilidad no especificada en el agente AClient en Symantec Altiris Deployment Solution v6.9.x anteriores a 6.9 SP3 Build 430, cuando la autenticación basado en clave está siendo utilizada entre un servidor de desarrollo y un cliente, permite a los atacantes remotos evitar la autenticación y eje3cutar arbitrariamente comandos como SYSTEM suplantando el servidor de desarrollo y enviando "comandos alternativos" anteriores a que la negociación esté completada. • http://secunia.com/advisories/36502 http://www.securityfocus.com/bid/36112 http://www.securitytracker.com/id?1022779 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00 •