Authentication Bypass Vulnerability in Symantec Altiris Deployment Solution
CVE-2009-3109

Currently unrated

Key Information:

Vendor: Symantec
Status: Altiris Deployment Solution
Vendor: CVE Published:; 8 September 2009

Summary

An unspecified vulnerability exists within the AClient agent of Symantec's Altiris Deployment Solution, specifically in versions prior to 6.9 SP3 Build 430. This flaw allows remote attackers to bypass authentication when key-based authentication is utilized between a deployment server and client. By exploiting this vulnerability, attackers can masquerade as the deployment server, submitting alternate commands before the handshake process is completed, leading to potential execution of arbitrary commands with SYSTEM-level privileges.

References

http://secunia.com/advisories/36502

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/36112

vdb-entryx_refsource_BID

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

Timeline

Vulnerability published
Sep 8, 2009
Vulnerability Reserved
Sep 8, 2009