Lucene search

MitreCVE-2009-3110

HistorySep 08, 2009 - 11:30 p.m.

CVE-2009-3110

2009-09-0823:30:00

CWE-362

mitre

web.nvd.nist.gov

symantec

altiris

deployment solution

cve-2009-3110

race condition

file transfer

security vulnerability

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

51.1%

JSON

Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does.

Affected configurations

Nvd

Node

symantecaltiris_deployment_solutionMatch6.9

symantecaltiris_deployment_solutionMatch6.9sp1

symantecaltiris_deployment_solutionMatch6.9.164

symantecaltiris_deployment_solutionMatch6.9.176

symantecaltiris_deployment_solutionMatch6.9.355

symantecaltiris_deployment_solutionMatch6.9.355sp1

VendorProductVersionCPE
symantecaltiris_deployment_solution6.9cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*
symantecaltiris_deployment_solution6.9cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp1:*:*:*:*:*:*
symantecaltiris_deployment_solution6.9.164cpe:2.3:a:symantec:altiris_deployment_solution:6.9.164:*:*:*:*:*:*:*
symantecaltiris_deployment_solution6.9.176cpe:2.3:a:symantec:altiris_deployment_solution:6.9.176:*:*:*:*:*:*:*
symantecaltiris_deployment_solution6.9.355cpe:2.3:a:symantec:altiris_deployment_solution:6.9.355:*:*:*:*:*:*:*
symantecaltiris_deployment_solution6.9.355cpe:2.3:a:symantec:altiris_deployment_solution:6.9.355:sp1:*:*:*:*:*:*

Vendor	Product	Version	CPE
symantec	altiris_deployment_solution	6.9	cpe:2.3:a:symantec:altiris_deployment_solution:6.9:::::::*
symantec	altiris_deployment_solution	6.9	cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp1::::::
symantec	altiris_deployment_solution	6.9.164	cpe:2.3:a:symantec:altiris_deployment_solution:6.9.164:::::::*
symantec	altiris_deployment_solution	6.9.176	cpe:2.3:a:symantec:altiris_deployment_solution:6.9.176:::::::*
symantec	altiris_deployment_solution	6.9.355	cpe:2.3:a:symantec:altiris_deployment_solution:6.9.355:::::::*
symantec	altiris_deployment_solution	6.9.355	cpe:2.3:a:symantec:altiris_deployment_solution:6.9.355:sp1::::::

References

secunia.com/advisories/36502

www.securityfocus.com/bid/36113

www.securitytracker.com/id?1022779

www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

51.1%

JSON

Related for CVE-2009-3110