CVE-2009-3179

Multiple unspecified vulnerabilities in Symantec Altiris Deployment Solution 6.9 might allow remote attackers to execute arbitrary code via unknown client-side attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.17, as identified by (1) "Symantec Altiris Deployment Solution 6.9 exploit, (2) "Symantec Altiris Deployment Solution 6.9 exploit (II)," and (3) "Symantec Altiris Deployment Solution 6.9 exploit (III)." NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://intevydis.com/vd-list.shtml
http://secunia.com/advisories/36587	Vendor Advisory
http://www.securityfocus.com/bid/36247
http://intevydis.com/vd-list.shtml
http://secunia.com/advisories/36587	Vendor Advisory
http://www.securityfocus.com/bid/36247

Configurations

Configuration 1 (hide)

cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*

History

21 Nov 2024, 01:06

Type	Values Removed	Values Added
References	~~() http://intevydis.com/vd-list.shtml -~~	() http://intevydis.com/vd-list.shtml -
References	~~() http://secunia.com/advisories/36587 - Vendor Advisory~~	() http://secunia.com/advisories/36587 - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/36247 -~~	() http://www.securityfocus.com/bid/36247 -

Information

Published : 2009-09-11 20:30

Updated : 2024-11-21 01:06

NVD link : CVE-2009-3179

Mitre link : CVE-2009-3179

CVE.ORG link : CVE-2009-3179

JSON object : View

Products Affected

symantec

altiris_deployment_solution

CWE

NVD-CWE-noinfo

{"id": "CVE-2009-3179", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-09-11T20:30:01.170", "references": [{"url": "http://intevydis.com/vd-list.shtml", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/36587", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/36247", "source": "cve@mitre.org"}, {"url": "http://intevydis.com/vd-list.shtml", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/36587", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/36247", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in Symantec Altiris Deployment Solution 6.9 might allow remote attackers to execute arbitrary code via unknown client-side attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.17, as identified by (1) \"Symantec Altiris Deployment Solution 6.9 exploit, (2) \"Symantec Altiris Deployment Solution 6.9 exploit (II),\" and (3) \"Symantec Altiris Deployment Solution 6.9 exploit (III).\" NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades no especificadas en Symantec Altiris Deployment Solution v6.9, podr\u00edan permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores de ataque del lado del cliente, como se demostr\u00f3 por un m\u00f3dulo concreto en VulnDisco Pack Professional v7.17, como se identific\u00f3 por (1) exploit \"Symantec Altiris Deployment Solution v6.9, (2) exploit \"Symantec Altiris Deployment Solution v6.9 (II),\" y (3) exploit \"Symantec Altiris Deployment Solution v6.9 (III).\" NOTA, como en 20090909, de esta informaci\u00f3n no se tiene informaci\u00f3n de la acci\u00f3n. Sin embargo, debido a que el autor VulnDisco Pack es un investigador confiable, se le ha asignado un identificador CVE con fines de seguimiento."}], "lastModified": "2024-11-21T01:06:42.883", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0002047-0965-4086-A5E6-AEC02200B6CF"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}