Vulnerabilites related to symantec - altiris_deployment_solution
cve-2007-5838
Vulnerability from cvelistv5
Published
2007-11-06 19:00
Modified
2024-08-07 15:47
Severity ?
EPSS score ?
Summary
Aclient in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows local users to gain local System privileges via the "Enable key-based authentication to Deployment server" browser option, a different issue than CVE-2007-4380.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1018876 | vdb-entry, x_refsource_SECTRACK | |
| http://www.irmplc.com/index.php/111-Vendor-Alerts | x_refsource_MISC | |
| http://www.vupen.com/english/advisories/2007/3673 | vdb-entry, x_refsource_VUPEN | |
| http://www.irmplc.com/index.php/152-Advisory-022 | x_refsource_MISC | |
| http://secunia.com/advisories/27412 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.symantec.com/avcenter/security/Content/2007.10.31a.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/26265 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/38180 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:47:00.556Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1018876",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018876"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.irmplc.com/index.php/111-Vendor-Alerts"
},
{
"name": "ADV-2007-3673",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3673"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.irmplc.com/index.php/152-Advisory-022"
},
{
"name": "27412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27412"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.10.31a.html"
},
{
"name": "26265",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26265"
},
{
"name": "symantec-altiris-browser-priv-escalation(38180)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38180"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Aclient in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows local users to gain local System privileges via the \"Enable key-based authentication to Deployment server\" browser option, a different issue than CVE-2007-4380."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1018876",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018876"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.irmplc.com/index.php/111-Vendor-Alerts"
},
{
"name": "ADV-2007-3673",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3673"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.irmplc.com/index.php/152-Advisory-022"
},
{
"name": "27412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27412"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.10.31a.html"
},
{
"name": "26265",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26265"
},
{
"name": "symantec-altiris-browser-priv-escalation(38180)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38180"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Aclient in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows local users to gain local System privileges via the \"Enable key-based authentication to Deployment server\" browser option, a different issue than CVE-2007-4380."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1018876",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018876"
},
{
"name": "http://www.irmplc.com/index.php/111-Vendor-Alerts",
"refsource": "MISC",
"url": "http://www.irmplc.com/index.php/111-Vendor-Alerts"
},
{
"name": "ADV-2007-3673",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3673"
},
{
"name": "http://www.irmplc.com/index.php/152-Advisory-022",
"refsource": "MISC",
"url": "http://www.irmplc.com/index.php/152-Advisory-022"
},
{
"name": "27412",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27412"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2007.10.31a.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2007.10.31a.html"
},
{
"name": "26265",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26265"
},
{
"name": "symantec-altiris-browser-priv-escalation(38180)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38180"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5838",
"datePublished": "2007-11-06T19:00:00",
"dateReserved": "2007-11-06T00:00:00",
"dateUpdated": "2024-08-07T15:47:00.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6828
Vulnerability from cvelistv5
Published
2009-06-08 19:00
Modified
2024-08-07 11:42
Severity ?
EPSS score ?
Summary
Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securityresponse.symantec.com/avcenter/security/Content/2008.10.20b.html | x_refsource_CONFIRM | |
| http://secunia.com/advisories/31773 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/46007 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2008/2876 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/31767 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id?1021072 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:42:00.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.10.20b.html"
},
{
"name": "31773",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31773"
},
{
"name": "symantec-ads-password-info-disclosure(46007)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46007"
},
{
"name": "ADV-2008-2876",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2876"
},
{
"name": "31767",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31767"
},
{
"name": "1021072",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021072"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.10.20b.html"
},
{
"name": "31773",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31773"
},
{
"name": "symantec-ads-password-info-disclosure(46007)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46007"
},
{
"name": "ADV-2008-2876",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2876"
},
{
"name": "31767",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31767"
},
{
"name": "1021072",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021072"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2008.10.20b.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.10.20b.html"
},
{
"name": "31773",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31773"
},
{
"name": "symantec-ads-password-info-disclosure(46007)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46007"
},
{
"name": "ADV-2008-2876",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2876"
},
{
"name": "31767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31767"
},
{
"name": "1021072",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021072"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6828",
"datePublished": "2009-06-08T19:00:00",
"dateReserved": "2009-06-08T00:00:00",
"dateUpdated": "2024-08-07T11:42:00.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-5555
Vulnerability from cvelistv5
Published
2007-10-18 20:00
Modified
2024-08-07 15:31
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Symantec Altiris Deployment Solution allows attackers to obtain authentication credentials via unknown vectors, aka "Authentication Credentials Information Leakage in Altiris Deployment Solution." NOTE: this description is based on a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.irmplc.com/index.php/111-Vendor-Alerts | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:31:59.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.irmplc.com/index.php/111-Vendor-Alerts"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Symantec Altiris Deployment Solution allows attackers to obtain authentication credentials via unknown vectors, aka \"Authentication Credentials Information Leakage in Altiris Deployment Solution.\" NOTE: this description is based on a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-08T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.irmplc.com/index.php/111-Vendor-Alerts"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Symantec Altiris Deployment Solution allows attackers to obtain authentication credentials via unknown vectors, aka \"Authentication Credentials Information Leakage in Altiris Deployment Solution.\" NOTE: this description is based on a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.irmplc.com/index.php/111-Vendor-Alerts",
"refsource": "MISC",
"url": "http://www.irmplc.com/index.php/111-Vendor-Alerts"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5555",
"datePublished": "2007-10-18T20:00:00",
"dateReserved": "2007-10-18T00:00:00",
"dateUpdated": "2024-08-07T15:31:59.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-2290
Vulnerability from cvelistv5
Published
2008-05-18 14:00
Modified
2024-08-07 08:58
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Agent user interface in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/1542/references | vdb-entry, x_refsource_VUPEN | |
| http://marc.info/?l=bugtraq&m=122167472229965&w=2 | vendor-advisory, x_refsource_HP | |
| http://www.securityfocus.com/bid/29194 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=122167472229965&w=2 | vendor-advisory, x_refsource_HP | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42438 | vdb-entry, x_refsource_XF | |
| http://www.symantec.com/avcenter/security/Content/2008.05.14a.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1020024 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/30261 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:00.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1542",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1542/references"
},
{
"name": "SSRT080115",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"name": "29194",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29194"
},
{
"name": "HPSBMA02369",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"name": "symantec-altiris-interface-priv-escalation(42438)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42438"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html"
},
{
"name": "1020024",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020024"
},
{
"name": "30261",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30261"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Agent user interface in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-1542",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1542/references"
},
{
"name": "SSRT080115",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"name": "29194",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29194"
},
{
"name": "HPSBMA02369",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"name": "symantec-altiris-interface-priv-escalation(42438)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42438"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html"
},
{
"name": "1020024",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020024"
},
{
"name": "30261",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30261"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2290",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Agent user interface in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1542",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1542/references"
},
{
"name": "SSRT080115",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"name": "29194",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29194"
},
{
"name": "HPSBMA02369",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"name": "symantec-altiris-interface-priv-escalation(42438)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42438"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html"
},
{
"name": "1020024",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020024"
},
{
"name": "30261",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30261"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2290",
"datePublished": "2008-05-18T14:00:00",
"dateReserved": "2008-05-18T00:00:00",
"dateUpdated": "2024-08-07T08:58:00.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-2289
Vulnerability from cvelistv5
Published
2008-05-18 14:00
Modified
2024-08-07 08:58
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in a tooltip element in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42440 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2008/1542/references | vdb-entry, x_refsource_VUPEN | |
| http://marc.info/?l=bugtraq&m=122167472229965&w=2 | vendor-advisory, x_refsource_HP | |
| http://marc.info/?l=bugtraq&m=122167472229965&w=2 | vendor-advisory, x_refsource_HP | |
| http://www.securityfocus.com/bid/29218 | vdb-entry, x_refsource_BID | |
| http://www.symantec.com/avcenter/security/Content/2008.05.14a.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1020024 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/30261 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:02.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "symantec-altiris-tooltip-priv-escalation(42440)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42440"
},
{
"name": "ADV-2008-1542",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1542/references"
},
{
"name": "SSRT080115",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"name": "HPSBMA02369",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"name": "29218",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29218"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html"
},
{
"name": "1020024",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020024"
},
{
"name": "30261",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30261"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in a tooltip element in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "symantec-altiris-tooltip-priv-escalation(42440)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42440"
},
{
"name": "ADV-2008-1542",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1542/references"
},
{
"name": "SSRT080115",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"name": "HPSBMA02369",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"name": "29218",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29218"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html"
},
{
"name": "1020024",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020024"
},
{
"name": "30261",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30261"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in a tooltip element in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "symantec-altiris-tooltip-priv-escalation(42440)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42440"
},
{
"name": "ADV-2008-1542",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1542/references"
},
{
"name": "SSRT080115",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"name": "HPSBMA02369",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"name": "29218",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29218"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html"
},
{
"name": "1020024",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020024"
},
{
"name": "30261",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30261"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2289",
"datePublished": "2008-05-18T14:00:00",
"dateReserved": "2008-05-18T00:00:00",
"dateUpdated": "2024-08-07T08:58:02.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3110
Vulnerability from cvelistv5
Published
2009-09-08 23:00
Modified
2024-08-07 06:14
Severity ?
EPSS score ?
Summary
Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/36502 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/36113 | vdb-entry, x_refsource_BID | |
| http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1022779 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:55.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36502",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36502"
},
{
"name": "36113",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36113"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090826_00"
},
{
"name": "1022779",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022779"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-07T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36502",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36502"
},
{
"name": "36113",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36113"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090826_00"
},
{
"name": "1022779",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022779"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3110",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36502",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36502"
},
{
"name": "36113",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36113"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090826_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090826_00"
},
{
"name": "1022779",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022779"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3110",
"datePublished": "2009-09-08T23:00:00",
"dateReserved": "2009-09-08T00:00:00",
"dateUpdated": "2024-08-07T06:14:55.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-2286
Vulnerability from cvelistv5
Published
2008-05-18 14:00
Modified
2024-08-07 08:58
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:01.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29198",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29198"
},
{
"name": "symantec-altiris-axengine-sql-injection(42436)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42436"
},
{
"name": "ADV-2008-1542",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1542/references"
},
{
"name": "SSRT080115",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-024/"
},
{
"name": "HPSBMA02369",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"name": "20080515 ZDI-08-024: Symantec Altiris Deployment Solution SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/492127/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html"
},
{
"name": "29552",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/29552"
},
{
"name": "20080518 Insomnia : ISVA-080516.1 - Altiris Deployment Solution - SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/492229/100/0/threaded"
},
{
"name": "45313",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/show/osvdb/45313"
},
{
"name": "1020024",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020024"
},
{
"name": "30261",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30261"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29198",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29198"
},
{
"name": "symantec-altiris-axengine-sql-injection(42436)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42436"
},
{
"name": "ADV-2008-1542",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1542/references"
},
{
"name": "SSRT080115",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-024/"
},
{
"name": "HPSBMA02369",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"name": "20080515 ZDI-08-024: Symantec Altiris Deployment Solution SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/492127/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html"
},
{
"name": "29552",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/29552"
},
{
"name": "20080518 Insomnia : ISVA-080516.1 - Altiris Deployment Solution - SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/492229/100/0/threaded"
},
{
"name": "45313",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/show/osvdb/45313"
},
{
"name": "1020024",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020024"
},
{
"name": "30261",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30261"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29198",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29198"
},
{
"name": "symantec-altiris-axengine-sql-injection(42436)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42436"
},
{
"name": "ADV-2008-1542",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1542/references"
},
{
"name": "SSRT080115",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-024/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-024/"
},
{
"name": "HPSBMA02369",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"name": "20080515 ZDI-08-024: Symantec Altiris Deployment Solution SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492127/100/0/threaded"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html"
},
{
"name": "29552",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/29552"
},
{
"name": "20080518 Insomnia : ISVA-080516.1 - Altiris Deployment Solution - SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492229/100/0/threaded"
},
{
"name": "45313",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/45313"
},
{
"name": "1020024",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020024"
},
{
"name": "30261",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30261"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2286",
"datePublished": "2008-05-18T14:00:00",
"dateReserved": "2008-05-18T00:00:00",
"dateUpdated": "2024-08-07T08:58:01.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-2291
Vulnerability from cvelistv5
Published
2008-05-18 14:00
Modified
2024-08-07 08:58
Severity ?
EPSS score ?
Summary
axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 generates credentials with a fixed salt or without any salt, which makes it easier for remote attackers to guess encrypted domain credentials.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.insomniasec.com/advisories/ISVA-080516.2.htm | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/492228/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.vupen.com/english/advisories/2008/1542/references | vdb-entry, x_refsource_VUPEN | |
| http://marc.info/?l=bugtraq&m=122167472229965&w=2 | vendor-advisory, x_refsource_HP | |
| http://marc.info/?l=bugtraq&m=122167472229965&w=2 | vendor-advisory, x_refsource_HP | |
| http://www.zerodayinitiative.com/advisories/ZDI-08-025/ | x_refsource_MISC | |
| http://www.symantec.com/avcenter/security/Content/2008.05.14a.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/29199 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42437 | vdb-entry, x_refsource_XF | |
| http://www.securitytracker.com/id?1020024 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/492128/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/30261 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:01.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.insomniasec.com/advisories/ISVA-080516.2.htm"
},
{
"name": "20080518 Insomnia : ISVA-080516.2 - Altiris Deployment Solution - Domain Account Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/492228/100/0/threaded"
},
{
"name": "ADV-2008-1542",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1542/references"
},
{
"name": "SSRT080115",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"name": "HPSBMA02369",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-025/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html"
},
{
"name": "29199",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29199"
},
{
"name": "symantec-altiris-axengine-info-disclosure(42437)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42437"
},
{
"name": "1020024",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020024"
},
{
"name": "20080515 ZDI-08-025: Symantec Altiris Deployment Solution Domain Credential Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/492128/100/0/threaded"
},
{
"name": "30261",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30261"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 generates credentials with a fixed salt or without any salt, which makes it easier for remote attackers to guess encrypted domain credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.insomniasec.com/advisories/ISVA-080516.2.htm"
},
{
"name": "20080518 Insomnia : ISVA-080516.2 - Altiris Deployment Solution - Domain Account Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/492228/100/0/threaded"
},
{
"name": "ADV-2008-1542",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1542/references"
},
{
"name": "SSRT080115",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"name": "HPSBMA02369",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-025/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html"
},
{
"name": "29199",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29199"
},
{
"name": "symantec-altiris-axengine-info-disclosure(42437)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42437"
},
{
"name": "1020024",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020024"
},
{
"name": "20080515 ZDI-08-025: Symantec Altiris Deployment Solution Domain Credential Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/492128/100/0/threaded"
},
{
"name": "30261",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30261"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2291",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 generates credentials with a fixed salt or without any salt, which makes it easier for remote attackers to guess encrypted domain credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.insomniasec.com/advisories/ISVA-080516.2.htm",
"refsource": "MISC",
"url": "http://www.insomniasec.com/advisories/ISVA-080516.2.htm"
},
{
"name": "20080518 Insomnia : ISVA-080516.2 - Altiris Deployment Solution - Domain Account Disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492228/100/0/threaded"
},
{
"name": "ADV-2008-1542",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1542/references"
},
{
"name": "SSRT080115",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"name": "HPSBMA02369",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-025/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-025/"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html"
},
{
"name": "29199",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29199"
},
{
"name": "symantec-altiris-axengine-info-disclosure(42437)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42437"
},
{
"name": "1020024",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020024"
},
{
"name": "20080515 ZDI-08-025: Symantec Altiris Deployment Solution Domain Credential Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492128/100/0/threaded"
},
{
"name": "30261",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30261"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2291",
"datePublished": "2008-05-18T14:00:00",
"dateReserved": "2008-05-18T00:00:00",
"dateUpdated": "2024-08-07T08:58:01.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-4380
Vulnerability from cvelistv5
Published
2007-08-16 18:00
Modified
2024-08-07 14:53
Severity ?
EPSS score ?
Summary
Aclient in Symantec Altiris Deployment Solution 6 before 6.8 SP2 (6.8.378) allows local users to gain local System privileges via the Log File Viewer.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.irmplc.com/index.php/111-Vendor-Alerts | x_refsource_MISC | |
| http://securityresponse.symantec.com/avcenter/security/Content/2007.08.13.html | x_refsource_CONFIRM | |
| http://www.irmplc.com/index.php/152-Advisory-022 | x_refsource_MISC | |
| http://www.securitytracker.com/id?1018552 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/25232 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/26435 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36004 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2007/2879 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.678Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.irmplc.com/index.php/111-Vendor-Alerts"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.08.13.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.irmplc.com/index.php/152-Advisory-022"
},
{
"name": "1018552",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018552"
},
{
"name": "25232",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25232"
},
{
"name": "26435",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26435"
},
{
"name": "symantec-altiris-log-privilege-escalation(36004)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36004"
},
{
"name": "ADV-2007-2879",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2879"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Aclient in Symantec Altiris Deployment Solution 6 before 6.8 SP2 (6.8.378) allows local users to gain local System privileges via the Log File Viewer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.irmplc.com/index.php/111-Vendor-Alerts"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.08.13.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.irmplc.com/index.php/152-Advisory-022"
},
{
"name": "1018552",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018552"
},
{
"name": "25232",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25232"
},
{
"name": "26435",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26435"
},
{
"name": "symantec-altiris-log-privilege-escalation(36004)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36004"
},
{
"name": "ADV-2007-2879",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2879"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Aclient in Symantec Altiris Deployment Solution 6 before 6.8 SP2 (6.8.378) allows local users to gain local System privileges via the Log File Viewer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.irmplc.com/index.php/111-Vendor-Alerts",
"refsource": "MISC",
"url": "http://www.irmplc.com/index.php/111-Vendor-Alerts"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2007.08.13.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.08.13.html"
},
{
"name": "http://www.irmplc.com/index.php/152-Advisory-022",
"refsource": "MISC",
"url": "http://www.irmplc.com/index.php/152-Advisory-022"
},
{
"name": "1018552",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018552"
},
{
"name": "25232",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25232"
},
{
"name": "26435",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26435"
},
{
"name": "symantec-altiris-log-privilege-escalation(36004)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36004"
},
{
"name": "ADV-2007-2879",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2879"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4380",
"datePublished": "2007-08-16T18:00:00",
"dateReserved": "2007-08-16T00:00:00",
"dateUpdated": "2024-08-07T14:53:55.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0109
Vulnerability from cvelistv5
Published
2018-02-19 19:00
Modified
2024-08-07 00:37
Severity ?
EPSS score ?
Summary
DBManager in Symantec Altiris Deployment Solution 6.9.x before DS 6.9 SP4 allows remote attackers to cause a denial of service via a crafted request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/38410 | vdb-entry, x_refsource_BID | |
| https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20100420_00 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:37:53.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38410",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38410"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20100420_00"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "DBManager in Symantec Altiris Deployment Solution 6.9.x before DS 6.9 SP4 allows remote attackers to cause a denial of service via a crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-19T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38410",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38410"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20100420_00"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DBManager in Symantec Altiris Deployment Solution 6.9.x before DS 6.9 SP4 allows remote attackers to cause a denial of service via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38410",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38410"
},
{
"name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20100420_00",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20100420_00"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0109",
"datePublished": "2018-02-19T19:00:00",
"dateReserved": "2009-12-31T00:00:00",
"dateUpdated": "2024-08-07T00:37:53.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6827
Vulnerability from cvelistv5
Published
2009-06-08 19:00
Modified
2024-08-07 11:42
Severity ?
EPSS score ?
Summary
The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1021071 | vdb-entry, x_refsource_SECTRACK | |
| http://marc.info/?l=bugtraq&m=122460544316205&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.symantec.com/avcenter/security/Content/2008.10.20a.html | x_refsource_CONFIRM | |
| http://secunia.com/advisories/31773 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/46006 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2008/2876 | vdb-entry, x_refsource_VUPEN | |
| http://osvdb.org/49426 | vdb-entry, x_refsource_OSVDB | |
| http://www.insomniasec.com/advisories/ISVA-081020.1.htm | x_refsource_MISC | |
| http://www.securityfocus.com/bid/31766 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:42:00.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1021071",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021071"
},
{
"name": "20081020 Insomnia : ISVA-081020.1 - Altiris Deployment Server Agent - Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122460544316205\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.10.20a.html"
},
{
"name": "31773",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31773"
},
{
"name": "symantec-ads-clientgui-command-execution(46006)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46006"
},
{
"name": "ADV-2008-2876",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2876"
},
{
"name": "49426",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/49426"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.insomniasec.com/advisories/ISVA-081020.1.htm"
},
{
"name": "31766",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31766"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a \"Shatter\" style attack on the \"command prompt\" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1021071",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021071"
},
{
"name": "20081020 Insomnia : ISVA-081020.1 - Altiris Deployment Server Agent - Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122460544316205\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.10.20a.html"
},
{
"name": "31773",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31773"
},
{
"name": "symantec-ads-clientgui-command-execution(46006)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46006"
},
{
"name": "ADV-2008-2876",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2876"
},
{
"name": "49426",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/49426"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.insomniasec.com/advisories/ISVA-081020.1.htm"
},
{
"name": "31766",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31766"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a \"Shatter\" style attack on the \"command prompt\" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1021071",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021071"
},
{
"name": "20081020 Insomnia : ISVA-081020.1 - Altiris Deployment Server Agent - Privilege Escalation",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=122460544316205\u0026w=2"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2008.10.20a.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2008.10.20a.html"
},
{
"name": "31773",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31773"
},
{
"name": "symantec-ads-clientgui-command-execution(46006)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46006"
},
{
"name": "ADV-2008-2876",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2876"
},
{
"name": "49426",
"refsource": "OSVDB",
"url": "http://osvdb.org/49426"
},
{
"name": "http://www.insomniasec.com/advisories/ISVA-081020.1.htm",
"refsource": "MISC",
"url": "http://www.insomniasec.com/advisories/ISVA-081020.1.htm"
},
{
"name": "31766",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31766"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6827",
"datePublished": "2009-06-08T19:00:00",
"dateReserved": "2009-06-08T00:00:00",
"dateUpdated": "2024-08-07T11:42:00.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3028
Vulnerability from cvelistv5
Published
2011-03-07 20:00
Modified
2024-08-07 06:14
Severity ?
EPSS score ?
Summary
The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/36346 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/57893 | vdb-entry, x_refsource_OSVDB | |
| http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090922_00 | x_refsource_CONFIRM | |
| http://www.symantec.com/business/support/index?page=content&id=TECH44885 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/36679 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:55.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36346",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36346"
},
{
"name": "57893",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/57893"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090922_00"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/business/support/index?page=content\u0026id=TECH44885"
},
{
"name": "36679",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36679"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-07T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36346",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36346"
},
{
"name": "57893",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/57893"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090922_00"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/business/support/index?page=content\u0026id=TECH44885"
},
{
"name": "36679",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36679"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36346",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36346"
},
{
"name": "57893",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/57893"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090922_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090922_00"
},
{
"name": "http://www.symantec.com/business/support/index?page=content\u0026id=TECH44885",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/business/support/index?page=content\u0026id=TECH44885"
},
{
"name": "36679",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36679"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3028",
"datePublished": "2011-03-07T20:00:00",
"dateReserved": "2009-08-31T00:00:00",
"dateUpdated": "2024-08-07T06:14:55.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3178
Vulnerability from cvelistv5
Published
2009-09-11 20:00
Modified
2024-09-17 00:21
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in mm.exe in Symantec Altiris Deployment Solution 6.9 allows remote attackers to cause a denial of service via unknown attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.18, "Symantec Altiris Deployment Solution 6.9 DoS." NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/36587 | third-party-advisory, x_refsource_SECUNIA | |
| http://intevydis.com/vd-list.shtml | x_refsource_MISC | |
| http://www.securityfocus.com/bid/36247 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:56.388Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36587"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://intevydis.com/vd-list.shtml"
},
{
"name": "36247",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36247"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in mm.exe in Symantec Altiris Deployment Solution 6.9 allows remote attackers to cause a denial of service via unknown attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.18, \"Symantec Altiris Deployment Solution 6.9 DoS.\" NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-09-11T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36587"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://intevydis.com/vd-list.shtml"
},
{
"name": "36247",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36247"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3178",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in mm.exe in Symantec Altiris Deployment Solution 6.9 allows remote attackers to cause a denial of service via unknown attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.18, \"Symantec Altiris Deployment Solution 6.9 DoS.\" NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36587",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36587"
},
{
"name": "http://intevydis.com/vd-list.shtml",
"refsource": "MISC",
"url": "http://intevydis.com/vd-list.shtml"
},
{
"name": "36247",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36247"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3178",
"datePublished": "2009-09-11T20:00:00Z",
"dateReserved": "2009-09-11T00:00:00Z",
"dateUpdated": "2024-09-17T00:21:38.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-2287
Vulnerability from cvelistv5
Published
2008-05-18 14:00
Modified
2024-08-07 08:58
Severity ?
EPSS score ?
Summary
Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 does not properly protect the install directory, which might allow local users to gain privileges by replacing an application component with a Trojan horse.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42442 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2008/1542/references | vdb-entry, x_refsource_VUPEN | |
| http://marc.info/?l=bugtraq&m=122167472229965&w=2 | vendor-advisory, x_refsource_HP | |
| http://marc.info/?l=bugtraq&m=122167472229965&w=2 | vendor-advisory, x_refsource_HP | |
| http://www.securityfocus.com/bid/29197 | vdb-entry, x_refsource_BID | |
| http://www.symantec.com/avcenter/security/Content/2008.05.14a.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1020024 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/30261 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:01.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "symantec-altiris-install-code-execution(42442)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42442"
},
{
"name": "ADV-2008-1542",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1542/references"
},
{
"name": "SSRT080115",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"name": "HPSBMA02369",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"name": "29197",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29197"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html"
},
{
"name": "1020024",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020024"
},
{
"name": "30261",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30261"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 does not properly protect the install directory, which might allow local users to gain privileges by replacing an application component with a Trojan horse."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "symantec-altiris-install-code-execution(42442)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42442"
},
{
"name": "ADV-2008-1542",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1542/references"
},
{
"name": "SSRT080115",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"name": "HPSBMA02369",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"name": "29197",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29197"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html"
},
{
"name": "1020024",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020024"
},
{
"name": "30261",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30261"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2287",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 does not properly protect the install directory, which might allow local users to gain privileges by replacing an application component with a Trojan horse."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "symantec-altiris-install-code-execution(42442)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42442"
},
{
"name": "ADV-2008-1542",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1542/references"
},
{
"name": "SSRT080115",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"name": "HPSBMA02369",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"name": "29197",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29197"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html"
},
{
"name": "1020024",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020024"
},
{
"name": "30261",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30261"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2287",
"datePublished": "2008-05-18T14:00:00",
"dateReserved": "2008-05-18T00:00:00",
"dateUpdated": "2024-08-07T08:58:01.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-1473
Vulnerability from cvelistv5
Published
2008-03-24 22:00
Modified
2024-08-07 08:24
Severity ?
EPSS score ?
Summary
The Altiris Client Service (AClient.exe) in Symantec Altiris Deployment Solution 6.8.x before 6.9.164 allows local users to gain privileges via a "Shatter" style attack.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securityresponse.symantec.com/avcenter/security/Content/2008.03.10.html | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2008/0843/references | vdb-entry, x_refsource_VUPEN | |
| http://www.securitytracker.com/id?1019569 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41100 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/28110 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/29319 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:41.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.03.10.html"
},
{
"name": "ADV-2008-0843",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0843/references"
},
{
"name": "1019569",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019569"
},
{
"name": "symantec-altiris-aclient-priv-escalation(41100)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41100"
},
{
"name": "28110",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28110"
},
{
"name": "29319",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29319"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Altiris Client Service (AClient.exe) in Symantec Altiris Deployment Solution 6.8.x before 6.9.164 allows local users to gain privileges via a \"Shatter\" style attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.03.10.html"
},
{
"name": "ADV-2008-0843",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0843/references"
},
{
"name": "1019569",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019569"
},
{
"name": "symantec-altiris-aclient-priv-escalation(41100)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41100"
},
{
"name": "28110",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28110"
},
{
"name": "29319",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29319"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Altiris Client Service (AClient.exe) in Symantec Altiris Deployment Solution 6.8.x before 6.9.164 allows local users to gain privileges via a \"Shatter\" style attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2008.03.10.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.03.10.html"
},
{
"name": "ADV-2008-0843",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0843/references"
},
{
"name": "1019569",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019569"
},
{
"name": "symantec-altiris-aclient-priv-escalation(41100)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41100"
},
{
"name": "28110",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28110"
},
{
"name": "29319",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29319"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1473",
"datePublished": "2008-03-24T22:00:00",
"dateReserved": "2008-03-24T00:00:00",
"dateUpdated": "2024-08-07T08:24:41.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3179
Vulnerability from cvelistv5
Published
2009-09-11 20:00
Modified
2024-09-16 18:14
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in Symantec Altiris Deployment Solution 6.9 might allow remote attackers to execute arbitrary code via unknown client-side attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.17, as identified by (1) "Symantec Altiris Deployment Solution 6.9 exploit, (2) "Symantec Altiris Deployment Solution 6.9 exploit (II)," and (3) "Symantec Altiris Deployment Solution 6.9 exploit (III)." NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/36587 | third-party-advisory, x_refsource_SECUNIA | |
| http://intevydis.com/vd-list.shtml | x_refsource_MISC | |
| http://www.securityfocus.com/bid/36247 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:56.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36587"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://intevydis.com/vd-list.shtml"
},
{
"name": "36247",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36247"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in Symantec Altiris Deployment Solution 6.9 might allow remote attackers to execute arbitrary code via unknown client-side attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.17, as identified by (1) \"Symantec Altiris Deployment Solution 6.9 exploit, (2) \"Symantec Altiris Deployment Solution 6.9 exploit (II),\" and (3) \"Symantec Altiris Deployment Solution 6.9 exploit (III).\" NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-09-11T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36587"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://intevydis.com/vd-list.shtml"
},
{
"name": "36247",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36247"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Symantec Altiris Deployment Solution 6.9 might allow remote attackers to execute arbitrary code via unknown client-side attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.17, as identified by (1) \"Symantec Altiris Deployment Solution 6.9 exploit, (2) \"Symantec Altiris Deployment Solution 6.9 exploit (II),\" and (3) \"Symantec Altiris Deployment Solution 6.9 exploit (III).\" NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36587",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36587"
},
{
"name": "http://intevydis.com/vd-list.shtml",
"refsource": "MISC",
"url": "http://intevydis.com/vd-list.shtml"
},
{
"name": "36247",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36247"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3179",
"datePublished": "2009-09-11T20:00:00Z",
"dateReserved": "2009-09-11T00:00:00Z",
"dateUpdated": "2024-09-16T18:14:28.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3109
Vulnerability from cvelistv5
Published
2009-09-08 23:00
Modified
2024-08-07 06:14
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the AClient agent in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430, when key-based authentication is being used between a deployment server and a client, allows remote attackers to bypass authentication and execute arbitrary commands as SYSTEM by spoofing the deployment server and sending "alternate commands" before the handshake is completed.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/36502 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/36112 | vdb-entry, x_refsource_BID | |
| http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1022779 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:56.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36502",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36502"
},
{
"name": "36112",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36112"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090826_00"
},
{
"name": "1022779",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022779"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the AClient agent in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430, when key-based authentication is being used between a deployment server and a client, allows remote attackers to bypass authentication and execute arbitrary commands as SYSTEM by spoofing the deployment server and sending \"alternate commands\" before the handshake is completed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-07T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36502",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36502"
},
{
"name": "36112",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36112"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090826_00"
},
{
"name": "1022779",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022779"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the AClient agent in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430, when key-based authentication is being used between a deployment server and a client, allows remote attackers to bypass authentication and execute arbitrary commands as SYSTEM by spoofing the deployment server and sending \"alternate commands\" before the handshake is completed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36502",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36502"
},
{
"name": "36112",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36112"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090826_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090826_00"
},
{
"name": "1022779",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022779"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3109",
"datePublished": "2009-09-08T23:00:00",
"dateReserved": "2009-09-08T00:00:00",
"dateUpdated": "2024-08-07T06:14:56.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4564
Vulnerability from cvelistv5
Published
2009-03-18 15:00
Modified
2024-08-07 10:24
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute arbitrary code via a crafted Word Perfect Document (WPD) file.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:18.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/avcenter/security/Content/2009.03.17a.html"
},
{
"name": "ADV-2009-0744",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0744"
},
{
"name": "34303",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34303"
},
{
"name": "1021859",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021859"
},
{
"name": "34307",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34307"
},
{
"name": "autonomy-keyview-wp6sr-bo(49284)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49284"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?rs=463\u0026uid=swg21377573"
},
{
"name": "34318",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34318"
},
{
"name": "1021856",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1021856"
},
{
"name": "1021857",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1021857"
},
{
"name": "VU#276563",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/276563"
},
{
"name": "ADV-2009-0756",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0756"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.autonomy.com/support/secure/docs/Updates/Keyview/Filter%20SDK/10.4/kv_update_nti40_10.4.zip.readme.html"
},
{
"name": "34355",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34355"
},
{
"name": "52713",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/52713"
},
{
"name": "20090317 Autonomy KeyView Word Perfect File Parsing Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=774"
},
{
"name": "34086",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34086"
},
{
"name": "ADV-2009-0757",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0757"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute arbitrary code via a crafted Word Perfect Document (WPD) file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/avcenter/security/Content/2009.03.17a.html"
},
{
"name": "ADV-2009-0744",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0744"
},
{
"name": "34303",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34303"
},
{
"name": "1021859",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021859"
},
{
"name": "34307",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34307"
},
{
"name": "autonomy-keyview-wp6sr-bo(49284)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49284"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?rs=463\u0026uid=swg21377573"
},
{
"name": "34318",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34318"
},
{
"name": "1021856",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1021856"
},
{
"name": "1021857",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1021857"
},
{
"name": "VU#276563",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/276563"
},
{
"name": "ADV-2009-0756",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0756"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.autonomy.com/support/secure/docs/Updates/Keyview/Filter%20SDK/10.4/kv_update_nti40_10.4.zip.readme.html"
},
{
"name": "34355",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34355"
},
{
"name": "52713",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/52713"
},
{
"name": "20090317 Autonomy KeyView Word Perfect File Parsing Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=774"
},
{
"name": "34086",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34086"
},
{
"name": "ADV-2009-0757",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0757"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute arbitrary code via a crafted Word Perfect Document (WPD) file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/avcenter/security/Content/2009.03.17a.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2009.03.17a.html"
},
{
"name": "ADV-2009-0744",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0744"
},
{
"name": "34303",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34303"
},
{
"name": "1021859",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021859"
},
{
"name": "34307",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34307"
},
{
"name": "autonomy-keyview-wp6sr-bo(49284)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49284"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?rs=463\u0026uid=swg21377573",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?rs=463\u0026uid=swg21377573"
},
{
"name": "34318",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34318"
},
{
"name": "1021856",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021856"
},
{
"name": "1021857",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021857"
},
{
"name": "VU#276563",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/276563"
},
{
"name": "ADV-2009-0756",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0756"
},
{
"name": "https://customers.autonomy.com/support/secure/docs/Updates/Keyview/Filter%20SDK/10.4/kv_update_nti40_10.4.zip.readme.html",
"refsource": "CONFIRM",
"url": "https://customers.autonomy.com/support/secure/docs/Updates/Keyview/Filter%20SDK/10.4/kv_update_nti40_10.4.zip.readme.html"
},
{
"name": "34355",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34355"
},
{
"name": "52713",
"refsource": "OSVDB",
"url": "http://osvdb.org/52713"
},
{
"name": "20090317 Autonomy KeyView Word Perfect File Parsing Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=774"
},
{
"name": "34086",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34086"
},
{
"name": "ADV-2009-0757",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0757"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4564",
"datePublished": "2009-03-18T15:00:00",
"dateReserved": "2008-10-14T00:00:00",
"dateUpdated": "2024-08-07T10:24:18.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3033
Vulnerability from cvelistv5
Published
2009-11-25 16:00
Modified
2024-08-07 06:14
Severity ?
EPSS score ?
Summary
Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/37092 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2009/3328 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/54415 | vdb-entry, x_refsource_XF | |
| https://kb.altiris.com/article.asp?article=50072&p=1 | x_refsource_CONFIRM | |
| https://kb.altiris.com/article.asp?article=50279&p=1 | x_refsource_CONFIRM | |
| http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091124_00 | x_refsource_CONFIRM | |
| http://osvdb.org/60496 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:55.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37092",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37092"
},
{
"name": "ADV-2009-3328",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3328"
},
{
"name": "symantec-console-utilities-bo(54415)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54415"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.altiris.com/article.asp?article=50072\u0026p=1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.altiris.com/article.asp?article=50279\u0026p=1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20091124_00"
},
{
"name": "60496",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/60496"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37092",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37092"
},
{
"name": "ADV-2009-3328",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3328"
},
{
"name": "symantec-console-utilities-bo(54415)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54415"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.altiris.com/article.asp?article=50072\u0026p=1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.altiris.com/article.asp?article=50279\u0026p=1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20091124_00"
},
{
"name": "60496",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/60496"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37092",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37092"
},
{
"name": "ADV-2009-3328",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3328"
},
{
"name": "symantec-console-utilities-bo(54415)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54415"
},
{
"name": "https://kb.altiris.com/article.asp?article=50072\u0026p=1",
"refsource": "CONFIRM",
"url": "https://kb.altiris.com/article.asp?article=50072\u0026p=1"
},
{
"name": "https://kb.altiris.com/article.asp?article=50279\u0026p=1",
"refsource": "CONFIRM",
"url": "https://kb.altiris.com/article.asp?article=50279\u0026p=1"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20091124_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20091124_00"
},
{
"name": "60496",
"refsource": "OSVDB",
"url": "http://osvdb.org/60496"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3033",
"datePublished": "2009-11-25T16:00:00",
"dateReserved": "2009-08-31T00:00:00",
"dateUpdated": "2024-08-07T06:14:55.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-1754
Vulnerability from cvelistv5
Published
2008-04-11 20:28
Modified
2024-08-07 08:32
Severity ?
EPSS score ?
Summary
Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory, which allows local users to obtain sensitive information by dumping the AClient.exe process memory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41771 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/28707 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2008/1197/references | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/29771 | third-party-advisory, x_refsource_SECUNIA | |
| http://securityresponse.symantec.com/avcenter/security/Content/2008.04.10.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1019825 | vdb-entry, x_refsource_SECTRACK | |
| http://www.osvdb.org/44388 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:32:01.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "altiris-agent-aclient-info-disclosure(41771)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41771"
},
{
"name": "28707",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28707"
},
{
"name": "ADV-2008-1197",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1197/references"
},
{
"name": "29771",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29771"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.10.html"
},
{
"name": "1019825",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019825"
},
{
"name": "44388",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/44388"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory, which allows local users to obtain sensitive information by dumping the AClient.exe process memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "altiris-agent-aclient-info-disclosure(41771)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41771"
},
{
"name": "28707",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28707"
},
{
"name": "ADV-2008-1197",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1197/references"
},
{
"name": "29771",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29771"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.10.html"
},
{
"name": "1019825",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019825"
},
{
"name": "44388",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/44388"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory, which allows local users to obtain sensitive information by dumping the AClient.exe process memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "altiris-agent-aclient-info-disclosure(41771)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41771"
},
{
"name": "28707",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28707"
},
{
"name": "ADV-2008-1197",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1197/references"
},
{
"name": "29771",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29771"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.10.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.10.html"
},
{
"name": "1019825",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019825"
},
{
"name": "44388",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/44388"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1754",
"datePublished": "2008-04-11T20:28:00",
"dateReserved": "2008-04-11T00:00:00",
"dateUpdated": "2024-08-07T08:32:01.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-2288
Vulnerability from cvelistv5
Published
2008-05-18 14:00
Modified
2024-08-07 08:58
Severity ?
EPSS score ?
Summary
Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 has insufficient access control for deletion and modification of registry keys, which allows local users to cause a denial of service or obtain sensitive information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42441 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2008/1542/references | vdb-entry, x_refsource_VUPEN | |
| http://marc.info/?l=bugtraq&m=122167472229965&w=2 | vendor-advisory, x_refsource_HP | |
| http://marc.info/?l=bugtraq&m=122167472229965&w=2 | vendor-advisory, x_refsource_HP | |
| http://www.securityfocus.com/bid/29196 | vdb-entry, x_refsource_BID | |
| http://www.symantec.com/avcenter/security/Content/2008.05.14a.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1020024 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/30261 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:01.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "symantec-altiris-keys-data-manipulation(42441)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42441"
},
{
"name": "ADV-2008-1542",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1542/references"
},
{
"name": "SSRT080115",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"name": "HPSBMA02369",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"name": "29196",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29196"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html"
},
{
"name": "1020024",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020024"
},
{
"name": "30261",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30261"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 has insufficient access control for deletion and modification of registry keys, which allows local users to cause a denial of service or obtain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "symantec-altiris-keys-data-manipulation(42441)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42441"
},
{
"name": "ADV-2008-1542",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1542/references"
},
{
"name": "SSRT080115",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"name": "HPSBMA02369",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"name": "29196",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29196"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html"
},
{
"name": "1020024",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020024"
},
{
"name": "30261",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30261"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2288",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 has insufficient access control for deletion and modification of registry keys, which allows local users to cause a denial of service or obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "symantec-altiris-keys-data-manipulation(42441)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42441"
},
{
"name": "ADV-2008-1542",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1542/references"
},
{
"name": "SSRT080115",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"name": "HPSBMA02369",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"name": "29196",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29196"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html"
},
{
"name": "1020024",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020024"
},
{
"name": "30261",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30261"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2288",
"datePublished": "2008-05-18T14:00:00",
"dateReserved": "2008-05-18T00:00:00",
"dateUpdated": "2024-08-07T08:58:01.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3031
Vulnerability from cvelistv5
Published
2009-11-03 16:00
Modified
2024-08-07 06:14
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the BrowseAndSaveFile method in the Altiris eXpress NS ConsoleUtilities ActiveX control 6.0.0.1846 in AeXNSConsoleUtilities.dll in Symantec Altiris Notification Server (NS) 6.0 before R12, Deployment Server 6.8 and 6.9 in Symantec Altiris Deployment Solution 6.9 SP3, and Symantec Management Platform (SMP) 7.0 before SP3 allows remote attackers to execute arbitrary code via a long string in the second argument.
References
| ▼ | URL | Tags |
|---|---|---|
| http://sotiriu.de/adv/NSOADV-2009-001.txt | x_refsource_MISC | |
| http://www.securityfocus.com/bid/36698 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2009/3117 | vdb-entry, x_refsource_VUPEN | |
| http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091102_00 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/507625/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://kb.altiris.com/article.asp?article=49568&p=1 | x_refsource_CONFIRM | |
| https://kb.altiris.com/article.asp?article=49389&p=1 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:56.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sotiriu.de/adv/NSOADV-2009-001.txt"
},
{
"name": "36698",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36698"
},
{
"name": "ADV-2009-3117",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3117"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20091102_00"
},
{
"name": "20091102 NSOADV-2009-001: Symantec ConsoleUtilities ActiveX Control Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507625/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.altiris.com/article.asp?article=49568\u0026p=1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.altiris.com/article.asp?article=49389\u0026p=1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the BrowseAndSaveFile method in the Altiris eXpress NS ConsoleUtilities ActiveX control 6.0.0.1846 in AeXNSConsoleUtilities.dll in Symantec Altiris Notification Server (NS) 6.0 before R12, Deployment Server 6.8 and 6.9 in Symantec Altiris Deployment Solution 6.9 SP3, and Symantec Management Platform (SMP) 7.0 before SP3 allows remote attackers to execute arbitrary code via a long string in the second argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sotiriu.de/adv/NSOADV-2009-001.txt"
},
{
"name": "36698",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36698"
},
{
"name": "ADV-2009-3117",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3117"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20091102_00"
},
{
"name": "20091102 NSOADV-2009-001: Symantec ConsoleUtilities ActiveX Control Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507625/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.altiris.com/article.asp?article=49568\u0026p=1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.altiris.com/article.asp?article=49389\u0026p=1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the BrowseAndSaveFile method in the Altiris eXpress NS ConsoleUtilities ActiveX control 6.0.0.1846 in AeXNSConsoleUtilities.dll in Symantec Altiris Notification Server (NS) 6.0 before R12, Deployment Server 6.8 and 6.9 in Symantec Altiris Deployment Solution 6.9 SP3, and Symantec Management Platform (SMP) 7.0 before SP3 allows remote attackers to execute arbitrary code via a long string in the second argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sotiriu.de/adv/NSOADV-2009-001.txt",
"refsource": "MISC",
"url": "http://sotiriu.de/adv/NSOADV-2009-001.txt"
},
{
"name": "36698",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36698"
},
{
"name": "ADV-2009-3117",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3117"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20091102_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20091102_00"
},
{
"name": "20091102 NSOADV-2009-001: Symantec ConsoleUtilities ActiveX Control Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507625/100/0/threaded"
},
{
"name": "https://kb.altiris.com/article.asp?article=49568\u0026p=1",
"refsource": "CONFIRM",
"url": "https://kb.altiris.com/article.asp?article=49568\u0026p=1"
},
{
"name": "https://kb.altiris.com/article.asp?article=49389\u0026p=1",
"refsource": "CONFIRM",
"url": "https://kb.altiris.com/article.asp?article=49389\u0026p=1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3031",
"datePublished": "2009-11-03T16:00:00",
"dateReserved": "2009-08-31T00:00:00",
"dateUpdated": "2024-08-07T06:14:56.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3108
Vulnerability from cvelistv5
Published
2009-09-08 23:00
Modified
2024-08-07 06:14
Severity ?
EPSS score ?
Summary
The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 installs a client executable with insecure permissions (Everyone:Full Control), which allows local users to gain privileges by replacing the executable with a Trojan horse program.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/36111 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/36502 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1022779 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:55.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36111",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36111"
},
{
"name": "36502",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36502"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090826_00"
},
{
"name": "1022779",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022779"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 installs a client executable with insecure permissions (Everyone:Full Control), which allows local users to gain privileges by replacing the executable with a Trojan horse program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-07T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36111",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36111"
},
{
"name": "36502",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36502"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090826_00"
},
{
"name": "1022779",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022779"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3108",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 installs a client executable with insecure permissions (Everyone:Full Control), which allows local users to gain privileges by replacing the executable with a Trojan horse program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36111",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36111"
},
{
"name": "36502",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36502"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090826_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090826_00"
},
{
"name": "1022779",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022779"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3108",
"datePublished": "2009-09-08T23:00:00",
"dateReserved": "2009-09-08T00:00:00",
"dateUpdated": "2024-08-07T06:14:55.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3107
Vulnerability from cvelistv5
Published
2009-09-08 23:00
Modified
2024-08-07 06:14
Severity ?
EPSS score ?
Summary
Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/36502 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/36110 | vdb-entry, x_refsource_BID | |
| http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1022779 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:56.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36502",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36502"
},
{
"name": "36110",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36110"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090826_00"
},
{
"name": "1022779",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022779"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-07T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36502",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36502"
},
{
"name": "36110",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36110"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090826_00"
},
{
"name": "1022779",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022779"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36502",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36502"
},
{
"name": "36110",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36110"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090826_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090826_00"
},
{
"name": "1022779",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022779"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3107",
"datePublished": "2009-09-08T23:00:00",
"dateReserved": "2009-09-08T00:00:00",
"dateUpdated": "2024-08-07T06:14:56.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2007-11-06 19:46
Modified
2024-11-21 00:38
Severity ?
Summary
Aclient in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows local users to gain local System privileges via the "Enable key-based authentication to Deployment server" browser option, a different issue than CVE-2007-4380.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | altiris_deployment_solution | 6 | |
| symantec | altiris_deployment_solution | 6.8 | |
| symantec | altiris_deployment_solution | 6.8 | |
| symantec | altiris_deployment_solution | 6.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6:*:*:*:*:*:*:*",
"matchCriteriaId": "84C46569-313C-46F9-A7AE-62588A41E468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6F838B26-BCE1-4663-95B1-B40BAB4F614E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.8:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A1363995-0647-4C83-B3DA-360D5433DCA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.8:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9834A783-AB15-489F-A146-0D0D5A9DB5E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Aclient in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows local users to gain local System privileges via the \"Enable key-based authentication to Deployment server\" browser option, a different issue than CVE-2007-4380."
},
{
"lang": "es",
"value": "Aclient en Symantec Altiris Deployment Solution 6.x anterior a 6.8.380.0 permite a usuarios locales ganar privilegios de sistemas locales a trav\u00e9s de la opci\u00f3n del navegador \"servidor de despliegue con la autenticaci\u00f3n basada en llave habilitados\", un asundo diferente que CVE-2007-4380."
}
],
"id": "CVE-2007-5838",
"lastModified": "2024-11-21T00:38:48.817",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-11-06T19:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27412"
},
{
"source": "cve@mitre.org",
"url": "http://www.irmplc.com/index.php/111-Vendor-Alerts"
},
{
"source": "cve@mitre.org",
"url": "http://www.irmplc.com/index.php/152-Advisory-022"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/26265"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018876"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.10.31a.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3673"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.irmplc.com/index.php/111-Vendor-Alerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.irmplc.com/index.php/152-Advisory-022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/26265"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018876"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.10.31a.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3673"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38180"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-09-08 23:30
Modified
2024-11-21 01:06
Severity ?
Summary
The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 installs a client executable with insecure permissions (Everyone:Full Control), which allows local users to gain privileges by replacing the executable with a Trojan horse program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | altiris_deployment_solution | 6.9 | |
| symantec | altiris_deployment_solution | 6.9 | |
| symantec | altiris_deployment_solution | 6.9.164 | |
| symantec | altiris_deployment_solution | 6.9.176 | |
| symantec | altiris_deployment_solution | 6.9.355 | |
| symantec | altiris_deployment_solution | 6.9.355 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F0002047-0965-4086-A5E6-AEC02200B6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EBD29C7F-B147-4CDE-8AC3-FCA6CA15C464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9.164:*:*:*:*:*:*:*",
"matchCriteriaId": "BA744B2A-B81E-4E97-A720-307041478B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9.176:*:*:*:*:*:*:*",
"matchCriteriaId": "E9301CFC-5925-4249-8439-5E2BBAF06687",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9.355:*:*:*:*:*:*:*",
"matchCriteriaId": "E4070F9F-F63E-4708-8DA0-339A777383B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9.355:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5C9DD5AC-7E4C-4A62-A5B3-B179359635A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 installs a client executable with insecure permissions (Everyone:Full Control), which allows local users to gain privileges by replacing the executable with a Trojan horse program."
},
{
"lang": "es",
"value": "Aclient GUI en Symantec Altiris Deployment Solution v6.9.x anterior v6.9 SP3 Build 430 instala un cliente ejecutable con permisos no seguros (todos: control total), que permite a usuarios locales obtener privilegios y reemplazar el ejecutable con un programa troyano."
}
],
"id": "CVE-2009-3108",
"lastModified": "2024-11-21T01:06:34.087",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-09-08T23:30:00.593",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36502"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/36111"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022779"
},
{
"source": "cve@mitre.org",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090826_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36502"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/36111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022779"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090826_00"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-03-24 22:44
Modified
2024-11-21 00:44
Severity ?
Summary
The Altiris Client Service (AClient.exe) in Symantec Altiris Deployment Solution 6.8.x before 6.9.164 allows local users to gain privileges via a "Shatter" style attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | altiris_deployment_solution | 6.8 | |
| symantec | altiris_deployment_solution | 6.8 | |
| symantec | altiris_deployment_solution | 6.8 | |
| symantec | altiris_deployment_solution | 6.8.282 | |
| symantec | altiris_deployment_solution | 6.8.378 | |
| symantec | altiris_deployment_solution | 6.8.380 | |
| symantec | altiris_deployment_solution | 6.8.380.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6F838B26-BCE1-4663-95B1-B40BAB4F614E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.8:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A1363995-0647-4C83-B3DA-360D5433DCA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.8:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9834A783-AB15-489F-A146-0D0D5A9DB5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.8.282:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E968DE-D137-467D-9800-7E00D69BA3D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.8.378:*:*:*:*:*:*:*",
"matchCriteriaId": "57F30D89-6939-4BE7-B1FA-2F3C3CD6989D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.8.380:*:*:*:*:*:*:*",
"matchCriteriaId": "66BB840E-08C0-443A-A4B4-CAAF476AB728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.8.380.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1BE8C69C-6604-4244-9634-D8D1CE2B3AEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Altiris Client Service (AClient.exe) in Symantec Altiris Deployment Solution 6.8.x before 6.9.164 allows local users to gain privileges via a \"Shatter\" style attack."
},
{
"lang": "es",
"value": "El Altiris Client Service (AClient.exe) en Symantec Altiris Deployment Solution versiones 6.8.x anteriores a 6.9.164, permite a los usuarios locales alcanzar privilegios mediante un ataque estilo \"Shatter\"."
}
],
"id": "CVE-2008-1473",
"lastModified": "2024-11-21T00:44:37.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-03-24T22:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29319"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.03.10.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28110"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019569"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0843/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.03.10.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019569"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0843/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41100"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-05-18 14:20
Modified
2024-11-21 00:46
Severity ?
Summary
SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | altiris_deployment_solution | 6.8 | |
| symantec | altiris_deployment_solution | 6.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6F838B26-BCE1-4663-95B1-B40BAB4F614E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F0002047-0965-4086-A5E6-AEC02200B6CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en axengine.exe en Symantec Altiris Deployment Solution 6.8.x y 6.9.x en versiones anteriores a 6.9.176 permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de campos de cadena no especificado en un paquete de notificaci\u00f3n."
}
],
"id": "CVE-2008-2286",
"lastModified": "2024-11-21T00:46:31.150",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-05-18T14:20:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/show/osvdb/45313"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30261"
},
{
"source": "cve@mitre.org",
"url": "http://www.exploit-db.com/exploits/29552"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/492127/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/492229/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29198"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020024"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/1542/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-024/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42436"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/show/osvdb/45313"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30261"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/29552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/492127/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/492229/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/1542/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-024/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42436"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-05-18 14:20
Modified
2024-11-21 00:46
Severity ?
Summary
Unspecified vulnerability in the Agent user interface in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | altiris_deployment_solution | 6.8 | |
| symantec | altiris_deployment_solution | 6.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6F838B26-BCE1-4663-95B1-B40BAB4F614E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F0002047-0965-4086-A5E6-AEC02200B6CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Agent user interface in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en la interfaz de usuario Agent de Symantec Altiris Deployment Solution 6.8.x y 6.9.x anterior a 6.9.176 permite a usuarios locales obtener privilegios mediantes vectores de ataque desconocidos."
}
],
"id": "CVE-2008-2290",
"lastModified": "2024-11-21T00:46:31.770",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-05-18T14:20:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30261"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29194"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020024"
},
{
"source": "cve@mitre.org",
"url": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1542/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42438"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30261"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1542/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42438"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-11-03 16:30
Modified
2024-11-21 01:06
Severity ?
Summary
Stack-based buffer overflow in the BrowseAndSaveFile method in the Altiris eXpress NS ConsoleUtilities ActiveX control 6.0.0.1846 in AeXNSConsoleUtilities.dll in Symantec Altiris Notification Server (NS) 6.0 before R12, Deployment Server 6.8 and 6.9 in Symantec Altiris Deployment Solution 6.9 SP3, and Symantec Management Platform (SMP) 7.0 before SP3 allows remote attackers to execute arbitrary code via a long string in the second argument.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F0002047-0965-4086-A5E6-AEC02200B6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EBD29C7F-B147-4CDE-8AC3-FCA6CA15C464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4DC0FB60-BF58-455B-B5D1-97EDF2D6D0E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3ACB4D1D-08D2-424B-B4F6-13FCDF034833",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_management_platform:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "72B538F1-CB05-495B-A3F3-24395A1F3B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_management_platform:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "755E4F35-FEAB-488D-825B-C23AF31F03A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68AF67FB-5FC8-4EAA-AF09-35D4740B967F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:*:sp1:*:*:*:*:*",
"matchCriteriaId": "214688D3-0653-4FDD-89C3-25E62BA050F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "0C13D2DE-7EA0-4963-BA60-5D01E037D954",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "8D085BB2-1012-4386-AEE9-31870673BF55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r7:*:*:*:*:*:*",
"matchCriteriaId": "5E187D85-9F75-4749-9682-29F66D919E12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C048C7FD-700F-4388-A1ED-16A6ECB31B66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:7.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "EB49276E-A0B9-4E74-9A45-928BC6A99E3B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the BrowseAndSaveFile method in the Altiris eXpress NS ConsoleUtilities ActiveX control 6.0.0.1846 in AeXNSConsoleUtilities.dll in Symantec Altiris Notification Server (NS) 6.0 before R12, Deployment Server 6.8 and 6.9 in Symantec Altiris Deployment Solution 6.9 SP3, and Symantec Management Platform (SMP) 7.0 before SP3 allows remote attackers to execute arbitrary code via a long string in the second argument."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en el m\u00e9todo BrowseAndSaveFile en el control ActiveX ConsoleUtilities v6.0.0.1846 en AeXNSConsoleUtilities.dll en Symantec Altiris Notification Server (NS) v6.0 anterior a R12, Deployment Server 6.8 and 6.9 in Symantec Altiris Deployment Solution v6.9 SP3, y Symantec Management Platform (SMP) v7.0 anterior a SP3, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una cadena larga en el segundo argumento."
}
],
"id": "CVE-2009-3031",
"lastModified": "2024-11-21T01:06:21.243",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-11-03T16:30:10.077",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://sotiriu.de/adv/NSOADV-2009-001.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/507625/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/36698"
},
{
"source": "cve@mitre.org",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20091102_00"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3117"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.altiris.com/article.asp?article=49389\u0026p=1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.altiris.com/article.asp?article=49568\u0026p=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://sotiriu.de/adv/NSOADV-2009-001.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/507625/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/36698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20091102_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.altiris.com/article.asp?article=49389\u0026p=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.altiris.com/article.asp?article=49568\u0026p=1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-05-18 14:20
Modified
2024-11-21 00:46
Severity ?
Summary
Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 does not properly protect the install directory, which might allow local users to gain privileges by replacing an application component with a Trojan horse.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | altiris_deployment_solution | 6.8 | |
| symantec | altiris_deployment_solution | 6.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6F838B26-BCE1-4663-95B1-B40BAB4F614E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F0002047-0965-4086-A5E6-AEC02200B6CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 does not properly protect the install directory, which might allow local users to gain privileges by replacing an application component with a Trojan horse."
},
{
"lang": "es",
"value": "Symantec Altiris Deployment Solution 6.8.x y 6.9.x anterior a 6.9.176 no protege correctamente el directorio install, lo que podr\u00eda permitir a usuarios locales obtener privilegios reemplazando un componente de una aplicaci\u00f3n por un troyano."
}
],
"id": "CVE-2008-2287",
"lastModified": "2024-11-21T00:46:31.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-05-18T14:20:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30261"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29197"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020024"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1542/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42442"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30261"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1542/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42442"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-10-18 20:17
Modified
2024-11-21 00:38
Severity ?
Summary
Unspecified vulnerability in Symantec Altiris Deployment Solution allows attackers to obtain authentication credentials via unknown vectors, aka "Authentication Credentials Information Leakage in Altiris Deployment Solution." NOTE: this description is based on a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | altiris_deployment_solution | 6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6:*:*:*:*:*:*:*",
"matchCriteriaId": "84C46569-313C-46F9-A7AE-62588A41E468",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Symantec Altiris Deployment Solution allows attackers to obtain authentication credentials via unknown vectors, aka \"Authentication Credentials Information Leakage in Altiris Deployment Solution.\" NOTE: this description is based on a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes."
},
{
"lang": "es",
"value": "Una vulnerabilidad no especificada en Symantec Altiris Deployment Solution, permite a atacantes obtener credenciales de autenticaci\u00f3n por medio de vectores desconocidos, tambi\u00e9n se conoce como \"Authentication Credentials Information Leakage in Altiris Deployment Solution\". NOTA: esta descripci\u00f3n est\u00e1 basada en un aviso preliminar vago sin informaci\u00f3n procesable. Sin embargo, dado que es de un investigador muy conocido, se le est\u00e1 asignando un identificador CVE para fines de seguimiento."
}
],
"id": "CVE-2007-5555",
"lastModified": "2024-11-21T00:38:10.510",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-10-18T20:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.irmplc.com/index.php/111-Vendor-Alerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.irmplc.com/index.php/111-Vendor-Alerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-09-08 23:30
Modified
2024-11-21 01:06
Severity ?
Summary
Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | altiris_deployment_solution | 6.9 | |
| symantec | altiris_deployment_solution | 6.9 | |
| symantec | altiris_deployment_solution | 6.9.164 | |
| symantec | altiris_deployment_solution | 6.9.176 | |
| symantec | altiris_deployment_solution | 6.9.355 | |
| symantec | altiris_deployment_solution | 6.9.355 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F0002047-0965-4086-A5E6-AEC02200B6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EBD29C7F-B147-4CDE-8AC3-FCA6CA15C464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9.164:*:*:*:*:*:*:*",
"matchCriteriaId": "BA744B2A-B81E-4E97-A720-307041478B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9.176:*:*:*:*:*:*:*",
"matchCriteriaId": "E9301CFC-5925-4249-8439-5E2BBAF06687",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9.355:*:*:*:*:*:*:*",
"matchCriteriaId": "E4070F9F-F63E-4708-8DA0-339A777383B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9.355:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5C9DD5AC-7E4C-4A62-A5B3-B179359635A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does."
},
{
"lang": "es",
"value": "Condici\u00f3n de carrera en la funcionalidad de transferencia de ficheros en Symantec Altiris Deployment Solution v6.9.x anterior a v6.9 SP3 Build 430, permite a atacantes remotos leer archivos sensibles y prevenir las actualizaciones de los clientes mediante la conexi\u00f3n a un puerto de transferencia antes de que lo haga el autentico cliente."
}
],
"id": "CVE-2009-3110",
"lastModified": "2024-11-21T01:06:34.393",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-09-08T23:30:00.657",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36502"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/36113"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022779"
},
{
"source": "cve@mitre.org",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090826_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36502"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/36113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022779"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090826_00"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-09-11 20:30
Modified
2024-11-21 01:06
Severity ?
Summary
Unspecified vulnerability in mm.exe in Symantec Altiris Deployment Solution 6.9 allows remote attackers to cause a denial of service via unknown attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.18, "Symantec Altiris Deployment Solution 6.9 DoS." NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | altiris_deployment_solution | 6.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F0002047-0965-4086-A5E6-AEC02200B6CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in mm.exe in Symantec Altiris Deployment Solution 6.9 allows remote attackers to cause a denial of service via unknown attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.18, \"Symantec Altiris Deployment Solution 6.9 DoS.\" NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."
},
{
"lang": "es",
"value": "Vulnerabilidad no espec\u00edfica en mm.exe en Symantec Altiris Deployment Solution v6.9, permite a atacantes remotos provocar una denegaci\u00f3n de servicio a trav\u00e9s de vectores de ataque desconocidos, como se demostr\u00f3 por un m\u00f3dulo concreto en VulnDisco Pack Professional v7.18, \" Symantec Altiris Deployment Solution 6.9 DoS\". NOTA, como en 20090909, de esta informaci\u00f3n no se tiene informaci\u00f3n de la acci\u00f3n. Sin embargo, debido a que el autor VulnDisco Pack es un investigador confiable, se le ha asignado un identificador CVE con fines de seguimiento."
}
],
"id": "CVE-2009-3178",
"lastModified": "2024-11-21T01:06:42.733",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-09-11T20:30:01.157",
"references": [
{
"source": "cve@mitre.org",
"url": "http://intevydis.com/vd-list.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36587"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/36247"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://intevydis.com/vd-list.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36587"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/36247"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-09-08 23:30
Modified
2024-11-21 01:06
Severity ?
Summary
Unspecified vulnerability in the AClient agent in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430, when key-based authentication is being used between a deployment server and a client, allows remote attackers to bypass authentication and execute arbitrary commands as SYSTEM by spoofing the deployment server and sending "alternate commands" before the handshake is completed.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | altiris_deployment_solution | 6.9 | |
| symantec | altiris_deployment_solution | 6.9 | |
| symantec | altiris_deployment_solution | 6.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F0002047-0965-4086-A5E6-AEC02200B6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EBD29C7F-B147-4CDE-8AC3-FCA6CA15C464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4DC0FB60-BF58-455B-B5D1-97EDF2D6D0E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the AClient agent in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430, when key-based authentication is being used between a deployment server and a client, allows remote attackers to bypass authentication and execute arbitrary commands as SYSTEM by spoofing the deployment server and sending \"alternate commands\" before the handshake is completed."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el agente AClient en Symantec Altiris Deployment Solution v6.9.x anteriores a 6.9 SP3 Build 430, cuando la autenticaci\u00f3n basado en clave est\u00e1 siendo utilizada entre un servidor de desarrollo y un cliente, permite a los atacantes remotos evitar la autenticaci\u00f3n y eje3cutar arbitrariamente comandos como SYSTEM suplantando el servidor de desarrollo y enviando \"comandos alternativos\" anteriores a que la negociaci\u00f3n est\u00e9 completada."
}
],
"id": "CVE-2009-3109",
"lastModified": "2024-11-21T01:06:34.243",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-09-08T23:30:00.627",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36502"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/36112"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022779"
},
{
"source": "cve@mitre.org",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090826_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36502"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/36112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022779"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090826_00"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-11-25 16:30
Modified
2024-11-21 01:06
Severity ?
Summary
Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F0002047-0965-4086-A5E6-AEC02200B6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EBD29C7F-B147-4CDE-8AC3-FCA6CA15C464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4DC0FB60-BF58-455B-B5D1-97EDF2D6D0E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3ACB4D1D-08D2-424B-B4F6-13FCDF034833",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9.164:*:*:*:*:*:*:*",
"matchCriteriaId": "BA744B2A-B81E-4E97-A720-307041478B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9.176:*:*:*:*:*:*:*",
"matchCriteriaId": "E9301CFC-5925-4249-8439-5E2BBAF06687",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9.355:*:*:*:*:*:*:*",
"matchCriteriaId": "E4070F9F-F63E-4708-8DA0-339A777383B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9.355:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5C9DD5AC-7E4C-4A62-A5B3-B179359635A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_management_platform:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "72B538F1-CB05-495B-A3F3-24395A1F3B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_management_platform:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "755E4F35-FEAB-488D-825B-C23AF31F03A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68AF67FB-5FC8-4EAA-AF09-35D4740B967F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0B096EB3-F1E7-4933-972A-0E142CA854A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "0C13D2DE-7EA0-4963-BA60-5D01E037D954",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "8D085BB2-1012-4386-AEE9-31870673BF55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r7:*:*:*:*:*:*",
"matchCriteriaId": "5E187D85-9F75-4749-9682-29F66D919E12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0_sp3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E437831-40EF-437D-A045-DBF6CF3CB0C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el m\u00e9todo RunCmd en Altiris eXpress NS Console Utilities ActiveX control en AeXNSConsoleUtilities.dll en la consola web de Symantec Altiris Deployment Solution v6.9.x, Altiris Notification Server v6.0.x, y Management Platform v7.0.x permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una cadena larga en el segundo argumento."
}
],
"id": "CVE-2009-3033",
"lastModified": "2024-11-21T01:06:21.550",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-11-25T16:30:00.750",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/60496"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/37092"
},
{
"source": "cve@mitre.org",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20091124_00"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3328"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54415"
},
{
"source": "cve@mitre.org",
"url": "https://kb.altiris.com/article.asp?article=50072\u0026p=1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.altiris.com/article.asp?article=50279\u0026p=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/60496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/37092"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20091124_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3328"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54415"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://kb.altiris.com/article.asp?article=50072\u0026p=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.altiris.com/article.asp?article=50279\u0026p=1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-08 19:30
Modified
2024-11-21 00:57
Severity ?
Summary
Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | altiris_deployment_solution | * | |
| symantec | altiris_deployment_solution | 6.9.355 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E5D393-D973-4AFA-AF0C-F0E63DC5AE32",
"versionEndExcluding": "6.9.355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9.355:-:*:*:*:*:*:*",
"matchCriteriaId": "679093B0-ECFF-4923-827F-7DBE8458C56A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server."
},
{
"lang": "es",
"value": "Altiris Deployment Solution v6.x anterior a 6.9.355 SP1 de Symantec almacena la contrase\u00f1a de \"Application Identity Account\" (cuenta de identidad de aplicaci\u00f3n) en texto claro, lo que permite a usuarios locales obtener privilegios y modificar clientes de \"Deployment Solution Server\"."
}
],
"id": "CVE-2008-6828",
"lastModified": "2024-11-21T00:57:33.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2009-06-08T19:30:00.233",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31773"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch",
"Vendor Advisory"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.10.20b.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/31767"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1021072"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2876"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Patch",
"Vendor Advisory"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.10.20b.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/31767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1021072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2876"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46007"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-08-16 18:17
Modified
2024-11-21 00:35
Severity ?
Summary
Aclient in Symantec Altiris Deployment Solution 6 before 6.8 SP2 (6.8.378) allows local users to gain local System privileges via the Log File Viewer.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | altiris_deployment_solution | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B111DE6-EA48-4DEB-A1ED-D1078499CCC3",
"versionEndIncluding": "6.8.282",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Aclient in Symantec Altiris Deployment Solution 6 before 6.8 SP2 (6.8.378) allows local users to gain local System privileges via the Log File Viewer."
},
{
"lang": "es",
"value": "Aclient en Symantec Altiris Deployment Solution 6 anterior a 6.8 SP2 (6.8.378) permite a usuarios locales obtener privilegios de System en local mediante el Visor de Archivos de Registro (Log File Viewer)."
}
],
"id": "CVE-2007-4380",
"lastModified": "2024-11-21T00:35:27.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-08-16T18:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26435"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.08.13.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.irmplc.com/index.php/111-Vendor-Alerts"
},
{
"source": "cve@mitre.org",
"url": "http://www.irmplc.com/index.php/152-Advisory-022"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25232"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018552"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2879"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26435"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.08.13.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.irmplc.com/index.php/111-Vendor-Alerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.irmplc.com/index.php/152-Advisory-022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36004"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-04-11 21:05
Modified
2024-11-21 00:45
Severity ?
Summary
Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory, which allows local users to obtain sensitive information by dumping the AClient.exe process memory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | altiris_deployment_solution | * | |
| symantec | altiris_deployment_solution | 6.8 | |
| symantec | altiris_deployment_solution | 6.8.380 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "2D3DE87D-33E4-4574-AE73-26E93F57EE9C",
"versionEndIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.8:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A1363995-0647-4C83-B3DA-360D5433DCA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.8.380:*:*:*:*:*:*:*",
"matchCriteriaId": "66BB840E-08C0-443A-A4B4-CAAF476AB728",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory, which allows local users to obtain sensitive information by dumping the AClient.exe process memory."
},
{
"lang": "es",
"value": "Symantec Altiris Deployment Solution anterior a 6.9.164 almacena en memoria las contrase\u00f1as de Deployment Solution Agent (aka AClient) en texto claro, el cual permite a los usuarios locales obtener informaci\u00f3n sensible volcando el proceso de memoria AClient.exe."
}
],
"id": "CVE-2008-1754",
"lastModified": "2024-11-21T00:45:15.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 1.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-04-11T21:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29771"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.10.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/44388"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28707"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019825"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1197/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.10.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/44388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019825"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1197/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41771"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-09-08 23:30
Modified
2024-11-21 01:06
Severity ?
Summary
Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/36502 | Broken Link, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/36110 | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1022779 | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36502 | Broken Link, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/36110 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1022779 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00 | Broken Link |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | altiris_deployment_solution | 6.9 | |
| symantec | altiris_deployment_solution | 6.9 | |
| symantec | altiris_deployment_solution | 6.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F0002047-0965-4086-A5E6-AEC02200B6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EBD29C7F-B147-4CDE-8AC3-FCA6CA15C464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4DC0FB60-BF58-455B-B5D1-97EDF2D6D0E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service."
},
{
"lang": "es",
"value": "Symantec Altiris Deployment Solution v6.9.x anterior a v6.9 SP3 Build 430 no restringe el acceso de forma adecuada al puerto de escucha para el servicio DBManager, esto permite a atacantes remotos evitar la autenticaci\u00f3n y modificar tareas o la base de datos Altiris mediante una conexi\u00f3n a este servicio."
}
],
"id": "CVE-2009-3107",
"lastModified": "2024-11-21T01:06:33.940",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-09-08T23:30:00.563",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36502"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/36110"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1022779"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090826_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36502"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/36110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1022779"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090826_00"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-07 21:00
Modified
2024-11-21 01:06
Severity ?
Summary
The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F0002047-0965-4086-A5E6-AEC02200B6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EBD29C7F-B147-4CDE-8AC3-FCA6CA15C464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4DC0FB60-BF58-455B-B5D1-97EDF2D6D0E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3ACB4D1D-08D2-424B-B4F6-13FCDF034833",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp4:*:*:*:*:*:*",
"matchCriteriaId": "EE56560F-6F51-479E-B69F-3F750C8A2F31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68AF67FB-5FC8-4EAA-AF09-35D4740B967F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0B096EB3-F1E7-4933-972A-0E142CA854A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp1_hf12:*:*:*:*:*:*",
"matchCriteriaId": "9FBCFF03-8C4F-4452-B841-36FEEB95E6F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "0C13D2DE-7EA0-4963-BA60-5D01E037D954",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "8D085BB2-1012-4386-AEE9-31870673BF55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r1:*:*:*:*:*:*",
"matchCriteriaId": "ADDD1F0C-3B7B-4D32-933A-A7D3E65B6049",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r10:*:*:*:*:*:*",
"matchCriteriaId": "268EEE3E-B7D2-4739-80CB-64284A86CDA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r11:*:*:*:*:*:*",
"matchCriteriaId": "00A3F84C-1C78-4AD9-9EFD-C3E8F0935224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r12:*:*:*:*:*:*",
"matchCriteriaId": "32BA7815-2572-496E-AC6E-4323813EEF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r13:*:*:*:*:*:*",
"matchCriteriaId": "7305D8F0-3928-434D-ADAE-788096731CDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r2:*:*:*:*:*:*",
"matchCriteriaId": "4E4DF22A-2516-41F2-B89C-F2424A6C56A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r3:*:*:*:*:*:*",
"matchCriteriaId": "419553B5-49BC-4789-BD32-959CF479062E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r4:*:*:*:*:*:*",
"matchCriteriaId": "9CB72176-8471-443B-BF06-829A51CCF71E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r5:*:*:*:*:*:*",
"matchCriteriaId": "4217C68A-2B6A-4C62-88F1-3D22C1BAE7F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r6:*:*:*:*:*:*",
"matchCriteriaId": "B1D0DA71-27E9-4AD8-8D73-2F311646E989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r7:*:*:*:*:*:*",
"matchCriteriaId": "5E187D85-9F75-4749-9682-29F66D919E12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r8:*:*:*:*:*:*",
"matchCriteriaId": "548B4DF2-D7EC-4BE7-BA52-2BDEF5577F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r9:*:*:*:*:*:*",
"matchCriteriaId": "EC6B03D5-0E10-43CE-9B9A-4E232FF4FAEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:management_platform:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B04B5F5-B488-4F85-9CEB-739E8B99FC54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:management_platform:7.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "F153884E-6C9B-4E33-9D01-804AD1FE99A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:management_platform:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "03C0AEC5-CB51-455B-A76B-F3F7D60F884A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:management_platform:7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D740F499-2924-4807-AACE-A60391F9EF52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:management_platform:7.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "9A6EB8C4-3D2B-4A78-A670-418B36F0F0EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:management_platform:7.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "25FDAAB9-F0E2-448A-B5E8-2E12EE3E2BBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:management_platform:7.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "F26C12D4-2DC0-4BE2-A4ED-B58EE433352A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method."
},
{
"lang": "es",
"value": "En Altiris eXpress NS SC la descarga del control ActiveX en AeXNSPkgDLLib.dll, como en Symantec Altiris Deployment Solution v6.9.x, Notification Server v6.0.x, y Symantec Management Platform v7.0.x expone un m\u00e9todo inseguro, que permite a atacantes remotos forzar la descarga de archivos arbitrarios y, posiblemente, ejecutar c\u00f3digo arbitrario a trav\u00e9s del m\u00e9todo DownloadAndInstall."
}
],
"id": "CVE-2009-3028",
"lastModified": "2024-11-21T01:06:20.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-03-07T21:00:01.110",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36679"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/57893"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/36346"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.symantec.com/business/support/index?page=content\u0026id=TECH44885"
},
{
"source": "cve@mitre.org",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090922_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36679"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/57893"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/36346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.symantec.com/business/support/index?page=content\u0026id=TECH44885"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090922_00"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-05-18 14:20
Modified
2024-11-21 00:46
Severity ?
Summary
Unspecified vulnerability in a tooltip element in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | altiris_deployment_solution | 6.0 | |
| symantec | altiris_deployment_solution | 6.5.248 | |
| symantec | altiris_deployment_solution | 6.5.299 | |
| symantec | altiris_deployment_solution | 6.8 | |
| symantec | altiris_deployment_solution | 6.8.378 | |
| symantec | altiris_deployment_solution | 6.8.380.0 | |
| symantec | altiris_deployment_solution | 6.8_sp1 | |
| symantec | altiris_deployment_solution | 6.8_sp2 | |
| symantec | altiris_deployment_solution | 6.9 | |
| symantec | altiris_deployment_solution | 6.9.164 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D8B38C75-7D5A-47ED-A59D-2E5798325C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.5.248:*:*:*:*:*:*:*",
"matchCriteriaId": "FF1EB7F9-0268-4969-A907-D6859962CE7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.5.299:*:*:*:*:*:*:*",
"matchCriteriaId": "C3AA5883-D184-490E-BFA4-3B329C1A843E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6F838B26-BCE1-4663-95B1-B40BAB4F614E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.8.378:*:*:*:*:*:*:*",
"matchCriteriaId": "57F30D89-6939-4BE7-B1FA-2F3C3CD6989D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.8.380.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1BE8C69C-6604-4244-9634-D8D1CE2B3AEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.8_sp1:*:*:*:*:*:*:*",
"matchCriteriaId": "38FC8F7A-0730-4386-A54E-579CFC8481BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.8_sp2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D1295BD-1A1E-43EF-B99A-44D45051B41C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F0002047-0965-4086-A5E6-AEC02200B6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9.164:*:*:*:*:*:*:*",
"matchCriteriaId": "BA744B2A-B81E-4E97-A720-307041478B97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in a tooltip element in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en un elemento tooltip en Symantec Altiris Deployment Solution 6.8.x y 6.9.x anterior a 6.9.176 permite a usuarios locales obtener privilegios mediante vectores de ataque desconocidos."
}
],
"id": "CVE-2008-2289",
"lastModified": "2024-11-21T00:46:31.617",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-05-18T14:20:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30261"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29218"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020024"
},
{
"source": "cve@mitre.org",
"url": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1542/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42440"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30261"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29218"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1542/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42440"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-05-18 14:20
Modified
2024-11-21 00:46
Severity ?
Summary
Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 has insufficient access control for deletion and modification of registry keys, which allows local users to cause a denial of service or obtain sensitive information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | altiris_deployment_solution | 6.8 | |
| symantec | altiris_deployment_solution | 6.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6F838B26-BCE1-4663-95B1-B40BAB4F614E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F0002047-0965-4086-A5E6-AEC02200B6CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 has insufficient access control for deletion and modification of registry keys, which allows local users to cause a denial of service or obtain sensitive information."
},
{
"lang": "es",
"value": "Symantec Altiris Deployment Solution 6.8.x y 6.9.x anterior a 6.9.176 no tiene suficiente control de acceso para eliminaci\u00f3n y modificaci\u00f3n de claves de registro, que permite a usuarios locales provocar una denegaci\u00f3n de servicio u obtener informaci\u00f3n sensible."
}
],
"id": "CVE-2008-2288",
"lastModified": "2024-11-21T00:46:31.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-05-18T14:20:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30261"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29196"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020024"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1542/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30261"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29196"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1542/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42441"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-05-18 14:20
Modified
2024-11-21 00:46
Severity ?
Summary
axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 generates credentials with a fixed salt or without any salt, which makes it easier for remote attackers to guess encrypted domain credentials.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | altiris_deployment_solution | * | |
| symantec | altiris_deployment_solution | 6.8 | |
| symantec | altiris_deployment_solution | 6.8 | |
| symantec | altiris_deployment_solution | 6.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA261C52-F28F-4815-B7E4-A32CCAD4E976",
"versionEndExcluding": "6.9.176",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.8:-:*:*:*:*:*:*",
"matchCriteriaId": "5327C051-309B-4E80-B96F-6F71C0294C98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.8:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A1363995-0647-4C83-B3DA-360D5433DCA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.8:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9834A783-AB15-489F-A146-0D0D5A9DB5E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 generates credentials with a fixed salt or without any salt, which makes it easier for remote attackers to guess encrypted domain credentials."
},
{
"lang": "es",
"value": "axengine.exe en Symantec Altiris Deployment Solution 6.8.x y 6.9.x en versiones anteriores a 6.9.176 genera credenciales con un sal fijado o sin sal, lo que hace que sea m\u00e1s f\u00e1cil para atacantes remotos adivinar las credenciales de dominio cifradas."
}
],
"id": "CVE-2008-2291",
"lastModified": "2024-11-21T00:46:31.920",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-05-18T14:20:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/30261"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.insomniasec.com/advisories/ISVA-080516.2.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/492128/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/492228/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/29199"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020024"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/1542/references"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-025/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122167472229965\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/30261"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.insomniasec.com/advisories/ISVA-080516.2.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/492128/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/492228/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/29199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/1542/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-025/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42437"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-09-11 20:30
Modified
2024-11-21 01:06
Severity ?
Summary
Multiple unspecified vulnerabilities in Symantec Altiris Deployment Solution 6.9 might allow remote attackers to execute arbitrary code via unknown client-side attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.17, as identified by (1) "Symantec Altiris Deployment Solution 6.9 exploit, (2) "Symantec Altiris Deployment Solution 6.9 exploit (II)," and (3) "Symantec Altiris Deployment Solution 6.9 exploit (III)." NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | altiris_deployment_solution | 6.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F0002047-0965-4086-A5E6-AEC02200B6CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in Symantec Altiris Deployment Solution 6.9 might allow remote attackers to execute arbitrary code via unknown client-side attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.17, as identified by (1) \"Symantec Altiris Deployment Solution 6.9 exploit, (2) \"Symantec Altiris Deployment Solution 6.9 exploit (II),\" and (3) \"Symantec Altiris Deployment Solution 6.9 exploit (III).\" NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades no especificadas en Symantec Altiris Deployment Solution v6.9, podr\u00edan permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores de ataque del lado del cliente, como se demostr\u00f3 por un m\u00f3dulo concreto en VulnDisco Pack Professional v7.17, como se identific\u00f3 por (1) exploit \"Symantec Altiris Deployment Solution v6.9, (2) exploit \"Symantec Altiris Deployment Solution v6.9 (II),\" y (3) exploit \"Symantec Altiris Deployment Solution v6.9 (III).\" NOTA, como en 20090909, de esta informaci\u00f3n no se tiene informaci\u00f3n de la acci\u00f3n. Sin embargo, debido a que el autor VulnDisco Pack es un investigador confiable, se le ha asignado un identificador CVE con fines de seguimiento."
}
],
"id": "CVE-2009-3179",
"lastModified": "2024-11-21T01:06:42.883",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-09-11T20:30:01.170",
"references": [
{
"source": "cve@mitre.org",
"url": "http://intevydis.com/vd-list.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36587"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/36247"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://intevydis.com/vd-list.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36587"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/36247"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-08 19:30
Modified
2024-11-21 00:57
Severity ?
Summary
The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | altiris_deployment_solution | * | |
| symantec | altiris_deployment_solution | 6.9.355 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFF6A8E-0812-4686-840C-193C32339936",
"versionEndExcluding": "6.9.355",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9.355:-:*:*:*:*:*:*",
"matchCriteriaId": "679093B0-ECFF-4923-827F-7DBE8458C56A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a \"Shatter\" style attack on the \"command prompt\" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function."
},
{
"lang": "es",
"value": "El control \"ListView\" (vista de lista) del cliente de interfaz gr\u00e1fico (AClient.exe) en Altiris Deployment Solution v6.x anterior a 6.9.355 SP1 de Symantec permite a usuarios locales obtener privilegios de SYSTEM y ejecutar comandos de su elecci\u00f3n a trav\u00e9s un tipo de ataque \"Shatter\" en el bot\u00f3n oculto del interfaz gr\u00e1fico \"command prompt\" para (1) sobreescribir el par\u00e1metro CommandLine a cmd.exe para usar privilegios de SYSTEM y (2) modificar la DLL que es cargada usando la funci\u00f3n de la API LoadLibrary."
}
],
"id": "CVE-2008-6827",
"lastModified": "2024-11-21T00:57:33.670",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2009-06-08T19:30:00.203",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122460544316205\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/49426"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31773"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch"
],
"url": "http://www.insomniasec.com/advisories/ISVA-081020.1.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/31766"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1021071"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch",
"Vendor Advisory"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.10.20a.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2876"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122460544316205\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/49426"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Patch"
],
"url": "http://www.insomniasec.com/advisories/ISVA-081020.1.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/31766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1021071"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Patch",
"Vendor Advisory"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.10.20a.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2876"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46006"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-03-18 15:30
Modified
2024-11-21 00:51
Severity ?
Summary
Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute arbitrary code via a crafted Word Perfect Document (WPD) file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autonomy:keyview_export_sdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B16D7CE-3770-46A6-BECA-76989E9639BE",
"versionEndIncluding": "10.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autonomy:keyview_export_sdk:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB3799E-43FC-40AA-85EC-72D87962C95D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autonomy:keyview_export_sdk:9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B92810D7-A5C2-4118-8B67-9E1A49C6C4D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autonomy:keyview_export_sdk:10:*:*:*:*:*:*:*",
"matchCriteriaId": "893D0CC9-971E-4C78-AD80-D004D8BB5F37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autonomy:keyview_export_sdk:10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "15B8E1D9-ADF9-40B2-A652-53CDEF60FAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autonomy:keyview_filter_sdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "177E8A5C-0812-47BC-9CFC-F8E25A0F42AB",
"versionEndIncluding": "10.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autonomy:keyview_filter_sdk:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E3B7CC-48D2-4EB0-A0D9-44AA6947CF65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autonomy:keyview_filter_sdk:9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B90F221E-6C5A-4844-A098-53BE40E78A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autonomy:keyview_filter_sdk:10:*:*:*:*:*:*:*",
"matchCriteriaId": "E4F4A68C-EF5D-41BB-A518-D277927D80D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autonomy:keyview_filter_sdk:10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EC6E0041-6647-4B04-B4C1-019E1F12E606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autonomy:keyview_viewer_sdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD370EEA-A33C-45B2-8FC6-C419AD6468E4",
"versionEndIncluding": "10.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autonomy:keyview_viewer_sdk:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE65E34-052C-4614-BA69-71D96EBC65E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autonomy:keyview_viewer_sdk:9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8D56C0E-3403-4B91-A064-69E46770FBBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autonomy:keyview_viewer_sdk:10:*:*:*:*:*:*:*",
"matchCriteriaId": "CBB6C6D0-0848-45D0-ACA7-03B46F42AE76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autonomy:keyview_viewer_sdk:10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3E50CAF0-1F3A-4F57-A8DA-91B7840BBE3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D4B2601-B62F-4235-BFFD-281235737450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "273DF27B-9441-4925-BD7E-5709D7D059EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1E234AD1-7202-421E-82C8-880E84876021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55D037CC-1207-48E2-882E-8B236EE7138F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5059BEF2-84EB-4B5F-84F5-9E3200B068F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB71B7AA-957B-46A6-9BC9-CE23EC721189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "46CF28C0-51AD-4783-B1F0-205DF64D133A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9C0015A2-A70E-4B0C-B59A-44F5F611293D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1360A50E-C1E1-4690-874A-04CC7C1A77CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D94927A9-61FD-459F-9A6D-E581A4AF505C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B32BA2-9EB7-4294-A857-226A5B1CC401",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EF64CA16-6C20-42E1-BA68-BD63A873BFA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "12D7DD7B-CA90-44A5-9B7B-4A4985150689",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C63D40DF-C6F3-4502-9816-939265F10532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.5:*:fp2:*:*:*:*:*",
"matchCriteriaId": "F8B5BF9A-F8A7-4C2B-B093-8226D0ED1425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.5:*:fp3:*:*:*:*:*",
"matchCriteriaId": "04CB50C2-2B01-4A68-BE96-1127B9954F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4598C4A8-B19D-4562-A5B5-D3B090F0C8D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.6:*:fp2:*:*:*:*:*",
"matchCriteriaId": "66D334E1-9326-4D0A-8D87-572F3E6B44BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68AEB13D-C7C6-426F-8484-85EFF7245DF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "94646433-DE15-4214-9C78-7D1DAB5A12D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3449A490-865A-4262-8482-429DEF455644",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.2:*:fp1:*:*:*:*:*",
"matchCriteriaId": "5614CD60-7690-47E6-AEB3-FB0151EB264C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F01C5CFC-7FB8-4D29-95AC-8EF59B0C170D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "692E295E-E650-42D5-AF7A-D6276C3D76E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D6701EB-AF87-4B63-A8B5-AA27C28DFFB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:brightmail:5.0:*:appliance:*:*:*:*:*",
"matchCriteriaId": "E1BE16AC-118D-4BA0-AE37-3DB2E4E417DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_loss_prevention_detection_servers:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F945149-43CC-4EAC-9A78-C6A3BA6FAF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_loss_prevention_detection_servers:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D42BEF4-9BB4-4CCF-9395-C306C3CEBB0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_loss_prevention_detection_servers:8.1:*:linux:*:*:*:*:*",
"matchCriteriaId": "DC2C0DBF-382C-4F96-8497-2FABD7CB67C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_loss_prevention_detection_servers:8.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "42A91935-15AC-4F64-AD3D-EFAD08955562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_loss_prevention_endpoint_agents:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37076C05-12CE-484C-AB10-711BABFF6992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_loss_prevention_endpoint_agents:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2A5F3BAC-B470-4FB7-88AF-47A33D46EF00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:enforce:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CFD0A99F-6B8A-4BB9-B8A7-40BB5D7B7CFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:enforce:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8960720-5DF0-4F4C-9603-09A85FAF843D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:enforce:8.1:*:linux:*:*:*:*:*",
"matchCriteriaId": "3E9D9CE3-109C-4035-9934-2B457268985D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:enforce:8.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "E258E769-38CC-4E62-8158-3D549263ED1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:5.0:*:appliance:*:*:*:*:*",
"matchCriteriaId": "0648861C-A58E-4103-8720-4480C2F098FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C890707A-D2DF-403A-87CB-2AB01E85D8B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:5.0.0:*:smtp:*:*:*:*:*",
"matchCriteriaId": "5E7788BD-652E-4306-AED0-6AE7F9A07836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:5.0.0.24:*:appliance:*:*:*:*:*",
"matchCriteriaId": "977786AB-A76C-4A1C-8999-BF4A5E08F8BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:5.0.1:*:smtp:*:*:*:*:*",
"matchCriteriaId": "A8430D5E-A8A7-4724-8A6B-B5E2CA437729",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:5.0.1.181:*:smtp:*:*:*:*:*",
"matchCriteriaId": "D602A441-863D-4E90-A01D-57C41725D008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:5.0.1.182:*:smtp:*:*:*:*:*",
"matchCriteriaId": "A792A9C1-95EF-4CE2-B14F-3DEE09BFAF8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:5.0.1.189:*:smtp:*:*:*:*:*",
"matchCriteriaId": "5D9C7B86-7F9A-4DF8-A4DF-9A7CA5991D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:5.0.1.200:*:smtp:*:*:*:*:*",
"matchCriteriaId": "0117D61C-DEE6-4803-9CF8-27EEBAA493CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:5.0.10:*:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "5BF163AF-E470-492A-940C-B2FB37AA2322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:5.0.11:*:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "95D5B1CF-6C20-4D66-9D30-631441FA953B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:6.0.6:microsoft_exchange:*:*:*:*:*:*",
"matchCriteriaId": "5BBAE476-DB98-4464-81DF-8EC386E808B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:6.0.7:microsoft_exchange:*:*:*:*:*:*",
"matchCriteriaId": "225BA7A2-8C45-42F1-921B-105CF8F0F22A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:7.5..4.29:*:domino:*:*:*:*:*",
"matchCriteriaId": "B1E6B709-B44B-47AC-A7FF-0C248D777D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:7.5.3.25:*:domino:*:*:*:*:*",
"matchCriteriaId": "07FADB30-A418-43C5-A798-4769C5350E7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:7.5.5.32:*:domino:*:*:*:*:*",
"matchCriteriaId": "70F1A708-9914-4875-B594-D8A9D65182D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute arbitrary code via a crafted Word Perfect Document (WPD) file."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en wp6sr.dll en el Autonomy KeyView SDK 10.4 y anteriores, como es usado en IBM Lotus Notes, productos Symantec Mail Security (SMS), productos Symantec BrightMail Appliance y productos Symantec Data Loss Prevention (DLP) permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un fichero Word Perfect Document (WPD) manipulado."
}
],
"id": "CVE-2008-4564",
"lastModified": "2024-11-21T00:51:59.427",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-03-18T15:30:00.267",
"references": [
{
"source": "cve@mitre.org",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=774"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/52713"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34303"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34307"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34318"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34355"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1021856"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1021857"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?rs=463\u0026uid=swg21377573"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/276563"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34086"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021859"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/avcenter/security/Content/2009.03.17a.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0744"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/0756"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/0757"
},
{
"source": "cve@mitre.org",
"url": "https://customers.autonomy.com/support/secure/docs/Updates/Keyview/Filter%20SDK/10.4/kv_update_nti40_10.4.zip.readme.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/52713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34303"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34307"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34355"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1021856"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1021857"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?rs=463\u0026uid=swg21377573"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/276563"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021859"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/avcenter/security/Content/2009.03.17a.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://customers.autonomy.com/support/secure/docs/Updates/Keyview/Filter%20SDK/10.4/kv_update_nti40_10.4.zip.readme.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49284"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-19 19:29
Modified
2024-11-21 01:11
Severity ?
Summary
DBManager in Symantec Altiris Deployment Solution 6.9.x before DS 6.9 SP4 allows remote attackers to cause a denial of service via a crafted request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/38410 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20100420_00 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/38410 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20100420_00 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | altiris_deployment_solution | 6.9 | |
| symantec | altiris_deployment_solution | 6.9 | |
| symantec | altiris_deployment_solution | 6.9 | |
| symantec | altiris_deployment_solution | 6.9 | |
| symantec | altiris_deployment_solution | 6.9.164 | |
| symantec | altiris_deployment_solution | 6.9.176 | |
| symantec | altiris_deployment_solution | 6.9.355 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F0002047-0965-4086-A5E6-AEC02200B6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EBD29C7F-B147-4CDE-8AC3-FCA6CA15C464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4DC0FB60-BF58-455B-B5D1-97EDF2D6D0E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3ACB4D1D-08D2-424B-B4F6-13FCDF034833",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9.164:*:*:*:*:*:*:*",
"matchCriteriaId": "BA744B2A-B81E-4E97-A720-307041478B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9.176:*:*:*:*:*:*:*",
"matchCriteriaId": "E9301CFC-5925-4249-8439-5E2BBAF06687",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9.355:*:*:*:*:*:*:*",
"matchCriteriaId": "E4070F9F-F63E-4708-8DA0-339A777383B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DBManager in Symantec Altiris Deployment Solution 6.9.x before DS 6.9 SP4 allows remote attackers to cause a denial of service via a crafted request."
},
{
"lang": "es",
"value": "DBManager en Symantec Altiris Deployment Solution en versiones 6.9.x anteriores a DS 6.9 SP4 permite que los atacantes remotos provoquen una denegaci\u00f3n de servicio (DoS) mediante una petici\u00f3n manipulada."
}
],
"id": "CVE-2010-0109",
"lastModified": "2024-11-21T01:11:33.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-19T19:29:00.203",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/38410"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20100420_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/38410"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20100420_00"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}