Altiris Deployment Solution Server < 6.9.430 Multiple Vulnerabilities (SYM09-011)
High Nessus Plugin ID 43828
Synopsis
The remote Windows host has a deployment server that is affected by multiple vulnerabilities.
Description
The version of Altiris Deployment Solution installed on the remote host is reportedly affected by the following vulnerabilities:
- DBManager authentication can be bypassed. A remote attacker could exploit this to execute arbitrary database queries. (CVE-2009-3107)
- The Aclient GUI has a privilege escalation vulnerability. This could allow an unprivileged user to compromise the client. (CVE-2009-3108)
- When key-based authentication is being used, it is possible to issue commands to an agent before the handshake is completed. A malicious server could exploit this to execute arbitrary commands as SYSTEM. (CVE-2009-3109)
- Due to a race condition, a malicious user could intercept a file transfer meant for a legitimate client. This could result in the disclosure of sensitive information, or a denial of service. (CVE-2009-3110)
Solution
Upgrade to Altiris Deployment Solution Server 6.9.430 or later.