CVE-2009-3035
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The web console in Symantec Altiris Notification Server 6.0.x before 6.0 SP3 R12 uses a hardcoded key that can decrypt SQL Server credentials and certain discovery credentials, and stores this key on the Notification Server machine, which allows local users to obtain sensitive information and possibly execute arbitrary code by decrypting and using these credentials.
La consola web Symantec Altiris Notification Server v6.0.x anterior a v6.0 SP3 R12, usa una clave embebida que puede descifrar las credenciales del servidor SQL y otro tipo de credenciales. Almacena esta clave en la máquina Notification Server, lo que permite a usuarios locales obtener información sensible y posiblemente, ejecutar código de su elección a través de estas credenciales.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-08-31 CVE Reserved
- 2010-02-02 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-255: Credentials Management Errors
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/62010 | Vdb Entry | |
| http://www.securityfocus.com/bid/37953 | Vdb Entry | |
| http://www.securitytracker.com/id?1023521 | Vdb Entry | |
| http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100128_00 | X_refsource_confirm | |
| http://www.vupen.com/english/advisories/2010/0256 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/55952 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/38356 | 2017-08-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Symantec Search vendor "Symantec" | Altiris Notification Server Search vendor "Symantec" for product "Altiris Notification Server" | 6.0 Search vendor "Symantec" for product "Altiris Notification Server" and version "6.0" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Notification Server Search vendor "Symantec" for product "Altiris Notification Server" | 6.0 Search vendor "Symantec" for product "Altiris Notification Server" and version "6.0" | sp1 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Notification Server Search vendor "Symantec" for product "Altiris Notification Server" | 6.0 Search vendor "Symantec" for product "Altiris Notification Server" and version "6.0" | sp2 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Notification Server Search vendor "Symantec" for product "Altiris Notification Server" | 6.0 Search vendor "Symantec" for product "Altiris Notification Server" and version "6.0" | sp3 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Notification Server Search vendor "Symantec" for product "Altiris Notification Server" | 6.0 Search vendor "Symantec" for product "Altiris Notification Server" and version "6.0" | sp3_r7 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Notification Server Search vendor "Symantec" for product "Altiris Notification Server" | 6.0 Search vendor "Symantec" for product "Altiris Notification Server" and version "6.0" | sp3_r8 |
Affected
| ||||||