Altiris Deployment Solution Server < 6.9.430 Multiple Vulnerabilities (SYM09-011)

high Nessus Plugin ID 43828

Synopsis

The remote Windows host has a deployment server that is affected by multiple vulnerabilities.

Description

The version of Altiris Deployment Solution installed on the remote host is reportedly affected by the following vulnerabilities :

- DBManager authentication can by bypassed. A remote attacker could exploit this to execute arbitrary database queries. (CVE-2009-3107)

- The Aclient GUI has a privilege escalation vulnerability.
This could allow an unprivileged user to compromise the client. (CVE-2009-3108)

- When key-based authentication is being used, it is possible to issue commands to an agent before the handshake is completed. A malicious server could exploit this to execute arbitrary commands as SYSTEM. (CVE-2009-3109)

- Due to a race condition, a malicious user could intercept a file transfer meant for a legitimate client. This could result in the disclosure of sensitive information, or a denial of service. (CVE-2009-3110)

Solution

Upgrade to Altiris Deployment Solution Server 6.9.430 or later.

See Also

http://www.nessus.org/u?0282e94e

http://www.nessus.org/u?4f922c58

Plugin Details

Severity: High

ID: 43828

File Name: altiris_deployment_solution_server_6_9_430.nasl

Version: 1.8

Type: remote

Agent: windows

Family: Windows

Published: 1/8/2010

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.9

Temporal Score: 5.8

Vector: CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 8/26/2009

Vulnerability Publication Date: 8/26/2009

Reference Information

CVE: CVE-2009-3107, CVE-2009-3108, CVE-2009-3109, CVE-2009-3110

BID: 36110, 36111, 36112, 36113

CWE: 264, 362

Secunia: 36502