CVE-2009-3107

Symantec Altiris Deployment Solution - Authentication Bypass

Title source: rule

Description

Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service.

References (4)

[Broken Link, Vendor Advisory] http://secunia.com/advisories/36502

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/36110

[Broken Link, Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1022779

[Broken Link] http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00

Scores

EPSS 0.0051

EPSS Percentile 66.1%

Classification

CWE

CWE-287

Status draft

Affected Products (3)

symantec/altiris_deployment_solution

Timeline

Published Sep 08, 2009

Tracked Since Feb 18, 2026