CVE-2009-3107
Symantec Altiris Deployment Solution < 6.9 SP3 Build 430 - Authentication Bypass
Title source: llmDescription
Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service.
References (4)
Core 4
Core References
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36502
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/36110
Broken Link x_refsource_confirm
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1022779
Scores
EPSS
0.0051
EPSS Percentile
66.7%
Details
CWE
CWE-287
Status
published
Products (1)
symantec/altiris_deployment_solution
6.9 (3 CPE variants)
Published
Sep 08, 2009
Tracked Since
Feb 18, 2026