CVE-2009-3109
published 2009-09-08CVE-2009-3109: Unspecified vulnerability in the AClient agent in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430, when key-based authentication is being…
PriorityP260critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
3.76%
88.6th percentile
Unspecified vulnerability in the AClient agent in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430, when key-based authentication is being used between a deployment server and a client, allows remote attackers to bypass authentication and execute arbitrary commands as SYSTEM by spoofing the deployment server and sending "alternate commands" before the handshake is completed.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| symantec | altiris_deployment_solution | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/36502http://www.securityfocus.com/bid/36112http://www.securitytracker.com/id?1022779http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00http://secunia.com/advisories/36502http://www.securityfocus.com/bid/36112http://www.securitytracker.com/id?1022779http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00
2009-09-08
Published