CVE-2009-3035 (GCVE-0-2009-3035)

Vulnerability from cvelistv5 – Published: 2010-02-02 16:25 – Updated: 2024-08-07 06:14
VLAI?
Summary
The web console in Symantec Altiris Notification Server 6.0.x before 6.0 SP3 R12 uses a hardcoded key that can decrypt SQL Server credentials and certain discovery credentials, and stores this key on the Notification Server machine, which allows local users to obtain sensitive information and possibly execute arbitrary code by decrypting and using these credentials.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/advisories/38356 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/37953 vdb-entryx_refsource_BID
http://osvdb.org/62010 vdb-entryx_refsource_OSVDB
http://www.symantec.com/security_response/securit… x_refsource_CONFIRM
http://www.securitytracker.com/id?1023521 vdb-entryx_refsource_SECTRACK
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www.vupen.com/english/advisories/2010/0256 vdb-entryx_refsource_VUPEN
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:14:56.392Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "38356",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38356"
          },
          {
            "name": "37953",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37953"
          },
          {
            "name": "62010",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/62010"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100128_00"
          },
          {
            "name": "1023521",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023521"
          },
          {
            "name": "symantec-ans-key-unauth-access(55952)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55952"
          },
          {
            "name": "ADV-2010-0256",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0256"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-01-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The web console in Symantec Altiris Notification Server 6.0.x before 6.0 SP3 R12 uses a hardcoded key that can decrypt SQL Server credentials and certain discovery credentials, and stores this key on the Notification Server machine, which allows local users to obtain sensitive information and possibly execute arbitrary code by decrypting and using these credentials."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "38356",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38356"
        },
        {
          "name": "37953",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37953"
        },
        {
          "name": "62010",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/62010"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100128_00"
        },
        {
          "name": "1023521",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023521"
        },
        {
          "name": "symantec-ans-key-unauth-access(55952)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55952"
        },
        {
          "name": "ADV-2010-0256",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0256"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3035",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The web console in Symantec Altiris Notification Server 6.0.x before 6.0 SP3 R12 uses a hardcoded key that can decrypt SQL Server credentials and certain discovery credentials, and stores this key on the Notification Server machine, which allows local users to obtain sensitive information and possibly execute arbitrary code by decrypting and using these credentials."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "38356",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38356"
            },
            {
              "name": "37953",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37953"
            },
            {
              "name": "62010",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/62010"
            },
            {
              "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100128_00",
              "refsource": "CONFIRM",
              "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100128_00"
            },
            {
              "name": "1023521",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1023521"
            },
            {
              "name": "symantec-ans-key-unauth-access(55952)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55952"
            },
            {
              "name": "ADV-2010-0256",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0256"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3035",
    "datePublished": "2010-02-02T16:25:00",
    "dateReserved": "2009-08-31T00:00:00",
    "dateUpdated": "2024-08-07T06:14:56.392Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:altiris_notification_server:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"68AF67FB-5FC8-4EAA-AF09-35D4740B967F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:altiris_notification_server:6.0:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B096EB3-F1E7-4933-972A-0E142CA854A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:altiris_notification_server:6.0:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C13D2DE-7EA0-4963-BA60-5D01E037D954\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D085BB2-1012-4386-AEE9-31870673BF55\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r7:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E187D85-9F75-4749-9682-29F66D919E12\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r8:*:*:*:*:*:*\", \"matchCriteriaId\": \"548B4DF2-D7EC-4BE7-BA52-2BDEF5577F49\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The web console in Symantec Altiris Notification Server 6.0.x before 6.0 SP3 R12 uses a hardcoded key that can decrypt SQL Server credentials and certain discovery credentials, and stores this key on the Notification Server machine, which allows local users to obtain sensitive information and possibly execute arbitrary code by decrypting and using these credentials.\"}, {\"lang\": \"es\", \"value\": \"La consola web Symantec Altiris Notification Server v6.0.x anterior a v6.0 SP3 R12, usa una clave embebida que puede descifrar las credenciales del servidor SQL y otro tipo de credenciales. Almacena esta clave en la m\\u00e1quina Notification Server, lo que permite a usuarios locales obtener informaci\\u00f3n sensible y posiblemente, ejecutar c\\u00f3digo de su elecci\\u00f3n a trav\\u00e9s de estas credenciales.\"}]",
      "id": "CVE-2009-3035",
      "lastModified": "2024-11-21T01:06:21.713",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 4.3, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.1, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2010-02-02T16:30:02.127",
      "references": "[{\"url\": \"http://osvdb.org/62010\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/38356\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/37953\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1023521\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100128_00\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0256\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/55952\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/62010\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/38356\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/37953\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1023521\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100128_00\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0256\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/55952\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-255\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-3035\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-02-02T16:30:02.127\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The web console in Symantec Altiris Notification Server 6.0.x before 6.0 SP3 R12 uses a hardcoded key that can decrypt SQL Server credentials and certain discovery credentials, and stores this key on the Notification Server machine, which allows local users to obtain sensitive information and possibly execute arbitrary code by decrypting and using these credentials.\"},{\"lang\":\"es\",\"value\":\"La consola web Symantec Altiris Notification Server v6.0.x anterior a v6.0 SP3 R12, usa una clave embebida que puede descifrar las credenciales del servidor SQL y otro tipo de credenciales. Almacena esta clave en la m\u00e1quina Notification Server, lo que permite a usuarios locales obtener informaci\u00f3n sensible y posiblemente, ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de estas credenciales.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":4.3,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.1,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-255\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:altiris_notification_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68AF67FB-5FC8-4EAA-AF09-35D4740B967F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:altiris_notification_server:6.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B096EB3-F1E7-4933-972A-0E142CA854A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:altiris_notification_server:6.0:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C13D2DE-7EA0-4963-BA60-5D01E037D954\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D085BB2-1012-4386-AEE9-31870673BF55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r7:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E187D85-9F75-4749-9682-29F66D919E12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r8:*:*:*:*:*:*\",\"matchCriteriaId\":\"548B4DF2-D7EC-4BE7-BA52-2BDEF5577F49\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/62010\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/38356\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/37953\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1023521\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100128_00\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0256\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/55952\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/62010\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/38356\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/37953\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1023521\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100128_00\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0256\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/55952\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.