Altiris Deployment Solution Server < 6.9.430 Multiple Vulnerabilities (SYM09-011)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.

Synopsis :

The remote Windows host has a deployment server that is affected by
multiple vulnerabilities.

Description :

The version of Altiris Deployment Solution installed on the remote
host is reportedly affected by the following vulnerabilities :

- DBManager authentication can be bypassed. A remote
attacker could exploit this to execute arbitrary database
queries. (CVE-2009-3107)

- The Aclient GUI has a privilege escalation vulnerability.
This could allow an unprivileged user to compromise the
client. (CVE-2009-3108)

- When key-based authentication is being used, it is possible
to issue commands to an agent before the handshake is
completed. A malicious server could exploit this to execute
arbitrary commands as SYSTEM. (CVE-2009-3109)

- Due to a race condition, a malicious user could intercept
a file transfer meant for a legitimate client. This could
result in the disclosure of sensitive information, or a denial
of service. (CVE-2009-3110)

Solution :

Upgrade to Altiris Deployment Solution Server 6.9.430 or later.

Risk factor :

High / CVSS Base Score : 7.9
CVSS Temporal Score : 5.8
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 43828 (altiris_deployment_solution_server_6_9_430.nasl)

Bugtraq ID: 36110

CVE ID: CVE-2009-3107
