CVE-2009-3035

Currently unrated

Key Information:

Vendor: Symantec
Status: Altiris Notification Server
Vendor: CVE Published:; 2 February 2010

Summary

The web console in Symantec Altiris Notification Server 6.0.x before 6.0 SP3 R12 uses a hardcoded key that can decrypt SQL Server credentials and certain discovery credentials, and stores this key on the Notification Server machine, which allows local users to obtain sensitive information and possibly execute arbitrary code by decrypting and using these credentials.

References

http://secunia.com/advisories/38356

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/37953

vdb-entryx_refsource_BID

http://osvdb.org/62010

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Feb 2, 2010
Vulnerability Reserved
Aug 31, 2009