Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2622

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-2622
Last Modified 05 Sep 2008 04:44:39
Published 31 Dec 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2622

Summary

AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it connects to, which allows remote malicious servers to gain administrator access.

Vulnerable Systems

Application

  • Altiris Deployment Server Extension For Ibm Director 5.0.1

  • Altiris Deployment Server Extension For Ibm Director 5.5

  • Altiris Deployment Server Extension For Ibm Director 6.0

  • Altiris Deployment Server Extension For Ibm Director 6.1


References

XF - altiris-gain-unauth-access(17814)

BID - 11498

OSVDB - 11031

CONFIRM - http://www.altiris.com/support/forum/Framesearch.aspx?vpath=/aexkb/public%20articles/6.x/deployment%20solution/kb/ds%20client%20security%20kb%20article%2010-22-04.doc&art=AKB6859&source=Altiris%20Helpdesk&artID=23644&refpara=532392&key=akb6859

SECTRACK - 1011862

SECUNIA - 12944

CONFIRM - http://packetstorm.linuxsecurity.com/0410-advisories/index2.html

BUGTRAQ - 20041025 RE: Critical Vulnerability in Altiris Deployment Server architecture

BUGTRAQ - 20041021 Critical Vulnerability in Altiris Deployment Server architecture


Last Updated: 27 May 2016 10:39:33