Altiris Deployment Solution Server < 6.9.430 Multiple Vulnerabilities (SYM09-011)

High Nessus Plugin ID 43828


The remote Windows host has a deployment server that is affected by multiple vulnerabilities.


The version of Altiris Deployment Solution installed on the remote host is reportedly affected by the following vulnerabilities :

- DBManager authentication can by bypassed. A remote attacker could exploit this to execute arbitrary database queries. (CVE-2009-3107)

- The Aclient GUI has a privilege escalation vulnerability.
This could allow an unprivileged user to compromise the client. (CVE-2009-3108)

- When key-based authentication is being used, it is possible to issue commands to an agent before the handshake is completed. A malicious server could exploit this to execute arbitrary commands as SYSTEM. (CVE-2009-3109)

- Due to a race condition, a malicious user could intercept a file transfer meant for a legitimate client. This could result in the disclosure of sensitive information, or a denial of service. (CVE-2009-3110)


Upgrade to Altiris Deployment Solution Server 6.9.430 or later.

See Also

Plugin Details

Severity: High

ID: 43828

File Name: altiris_deployment_solution_server_6_9_430.nasl

Version: $Revision: 1.6 $

Type: remote

Agent: windows

Family: Windows

Published: 2010/01/08

Modified: 2016/11/11

Dependencies: 25897

Risk Information

Risk Factor: High


Base Score: 7.9

Temporal Score: 5.8

Vector: CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2009/08/26

Vulnerability Publication Date: 2009/08/26

Reference Information

CVE: CVE-2009-3107, CVE-2009-3108, CVE-2009-3109, CVE-2009-3110

BID: 36110, 36111, 36112, 36113

OSVDB: 57458, 57459, 57460, 57461

Secunia: 36502

CWE: 264, 362