CVE-2009-3110
Severity Score
5.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does.
Condición de carrera en la funcionalidad de transferencia de ficheros en Symantec Altiris Deployment Solution v6.9.x anterior a v6.9 SP3 Build 430, permite a atacantes remotos leer archivos sensibles y prevenir las actualizaciones de los clientes mediante la conexión a un puerto de transferencia antes de que lo haga el autentico cliente.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-09-08 CVE Reserved
- 2009-09-08 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/36113 | Vdb Entry | |
| http://www.securitytracker.com/id?1022779 | Vdb Entry | |
| http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/36502 | 2013-02-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Symantec Search vendor "Symantec" | Altiris Deployment Solution Search vendor "Symantec" for product "Altiris Deployment Solution" | 6.9 Search vendor "Symantec" for product "Altiris Deployment Solution" and version "6.9" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Deployment Solution Search vendor "Symantec" for product "Altiris Deployment Solution" | 6.9 Search vendor "Symantec" for product "Altiris Deployment Solution" and version "6.9" | sp1 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Deployment Solution Search vendor "Symantec" for product "Altiris Deployment Solution" | 6.9.164 Search vendor "Symantec" for product "Altiris Deployment Solution" and version "6.9.164" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Deployment Solution Search vendor "Symantec" for product "Altiris Deployment Solution" | 6.9.176 Search vendor "Symantec" for product "Altiris Deployment Solution" and version "6.9.176" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Deployment Solution Search vendor "Symantec" for product "Altiris Deployment Solution" | 6.9.355 Search vendor "Symantec" for product "Altiris Deployment Solution" and version "6.9.355" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Deployment Solution Search vendor "Symantec" for product "Altiris Deployment Solution" | 6.9.355 Search vendor "Symantec" for product "Altiris Deployment Solution" and version "6.9.355" | sp1 |
Affected
| ||||||