CVE-2005-1590 - OpenCVE

The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows local users to disable password protection and access the administrative interface by finding and showing the "Altiris Client Service" hidden window, disabling the password protection, disabling the "Hide client tray icon box" option, then opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2004-2070.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Altiris	Client Service Deployment Solution

Configuration 1 [-]

OR	cpe:2.3:a:altiris:client_service:6.0.88:::::::*
	cpe:2.3:a:altiris:deployment_solution:5.6:sp1::::::
	cpe:2.3:a:altiris:deployment_solution:5.6.181:::::::*
	cpe:2.3:a:altiris:deployment_solution:6.0:::::::*

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0614.html
http://secunia.com/advisories/15159
http://www.osvdb.org/15897

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-05-16T04:00:00

Updated: 2024-08-07T21:59:22.625Z

Reserved: 2005-05-16T00:00:00

Link: CVE-2005-1590

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2005-05-16T04:00:00.000

Modified: 2008-09-05T20:49:33.123

Link: CVE-2005-1590

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-04-29T00:00:00", "descriptions": [{"lang": "en", "value": "The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows local users to disable password protection and access the administrative interface by finding and showing the \"Altiris Client Service\" hidden window, disabling the password protection, disabling the \"Hide client tray icon box\" option, then opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2004-2070."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2005-11-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "15897", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/15897"}, {"name": "20050427 Privilege escalation and password protection bypass in Altiris Client Service for Windows (Version 6.0.88)", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0614.html"}, {"name": "15159", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/15159"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1590", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows local users to disable password protection and access the administrative interface by finding and showing the \"Altiris Client Service\" hidden window, disabling the password protection, disabling the \"Hide client tray icon box\" option, then opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2004-2070."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "15897", "refsource": "OSVDB", "url": "http://www.osvdb.org/15897"}, {"name": "20050427 Privilege escalation and password protection bypass in Altiris Client Service for Windows (Version 6.0.88)", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0614.html"}, {"name": "15159", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/15159"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T21:59:22.625Z"}, "title": "CVE Program Container", "references": [{"name": "15897", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/15897"}, {"name": "20050427 Privilege escalation and password protection bypass in Altiris Client Service for Windows (Version 6.0.88)", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0614.html"}, {"name": "15159", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/15159"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-1590", "datePublished": "2005-05-16T04:00:00", "dateReserved": "2005-05-16T00:00:00", "dateUpdated": "2024-08-07T21:59:22.625Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:altiris:client_service:6.0.88:*:*:*:*:*:*:*", "matchCriteriaId": "055CDF89-6BB9-40FB-9972-E29A812B0763", "vulnerable": true}, {"criteria": "cpe:2.3:a:altiris:deployment_solution:5.6:sp1:*:*:*:*:*:*", "matchCriteriaId": "1BB400B1-E748-4523-877C-AA254877CCC2", "vulnerable": true}, {"criteria": "cpe:2.3:a:altiris:deployment_solution:5.6.181:*:*:*:*:*:*:*", "matchCriteriaId": "6C413719-FF42-4EAA-A524-5DE756457124", "vulnerable": true}, {"criteria": "cpe:2.3:a:altiris:deployment_solution:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "1A834C4D-ADDF-4FAB-A0F6-9288C4655450", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows local users to disable password protection and access the administrative interface by finding and showing the \"Altiris Client Service\" hidden window, disabling the password protection, disabling the \"Hide client tray icon box\" option, then opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2004-2070."}], "id": "CVE-2005-1590", "lastModified": "2008-09-05T20:49:33.123", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-05-16T04:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0614.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/15159"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.osvdb.org/15897"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}