CVE-2009-3107 - OpenCVE

Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:A/AC:L/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Symantec	Altiris Deployment Solution

Configuration 1 [-]

OR	cpe:2.3:a:symantec:altiris_deployment_solution:6.9:::::::*
	cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp1::::::
	cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp2::::::

No data.

References

Link	Providers
http://secunia.com/advisories/36502
http://www.securityfocus.com/bid/36110
http://www.securitytracker.com/id?1022779
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-09-08T23:00:00

Updated: 2024-08-07T06:14:56.367Z

Reserved: 2009-09-08T00:00:00

Link: CVE-2009-3107

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2009-09-08T23:30:00.563

Modified: 2024-02-13T17:38:51.097

Link: CVE-2009-3107

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-08-26T00:00:00", "descriptions": [{"lang": "en", "value": "Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-02-07T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "36502", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36502"}, {"name": "36110", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/36110"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00"}, {"name": "1022779", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1022779"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3107", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "36502", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36502"}, {"name": "36110", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36110"}, {"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00", "refsource": "CONFIRM", "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00"}, {"name": "1022779", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022779"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T06:14:56.367Z"}, "title": "CVE Program Container", "references": [{"name": "36502", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36502"}, {"name": "36110", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/36110"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00"}, {"name": "1022779", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1022779"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3107", "datePublished": "2009-09-08T23:00:00", "dateReserved": "2009-09-08T00:00:00", "dateUpdated": "2024-08-07T06:14:56.367Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*", "matchCriteriaId": "F0002047-0965-4086-A5E6-AEC02200B6CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp1:*:*:*:*:*:*", "matchCriteriaId": "EBD29C7F-B147-4CDE-8AC3-FCA6CA15C464", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp2:*:*:*:*:*:*", "matchCriteriaId": "4DC0FB60-BF58-455B-B5D1-97EDF2D6D0E5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service."}, {"lang": "es", "value": "Symantec Altiris Deployment Solution v6.9.x anterior a v6.9 SP3 Build 430 no restringe el acceso de forma adecuada al puerto de escucha para el servicio DBManager, esto permite a atacantes remotos evitar la autenticaci\u00f3n y modificar tareas o la base de datos Altiris mediante una conexi\u00f3n a este servicio."}], "id": "CVE-2009-3107", "lastModified": "2024-02-13T17:38:51.097", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-09-08T23:30:00.563", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/36502"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/36110"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1022779"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}