Vulnerability Description
AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it connects to, which allows remote malicious servers to gain administrator access.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Altiris | Deployment Server Extension For Ibm Director | 5.0.1 |
References
- http://archives.neohapsis.com/archives/bugtraq/2004-10/0211.htmlVendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2004-10/0266.html
- http://packetstorm.linuxsecurity.com/0410-advisories/index2.html
- http://secunia.com/advisories/12944Vendor Advisory
- http://securitytracker.com/id?1011862Vendor Advisory
- http://www.altiris.com/support/forum/Framesearch.aspx?vpath=/aexkb/public%20arti
- http://www.osvdb.org/11031
- http://www.securityfocus.com/bid/11498
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17814
- http://archives.neohapsis.com/archives/bugtraq/2004-10/0211.htmlVendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2004-10/0266.html
- http://packetstorm.linuxsecurity.com/0410-advisories/index2.html
- http://secunia.com/advisories/12944Vendor Advisory
- http://securitytracker.com/id?1011862Vendor Advisory
- http://www.altiris.com/support/forum/Framesearch.aspx?vpath=/aexkb/public%20arti
FAQ
What is CVE-2004-2622?
CVE-2004-2622 is a vulnerability with a CVSS score of 10.0 (HIGH). AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it connects to, which allows remote malicious servers to gain administrator...
How severe is CVE-2004-2622?
CVE-2004-2622 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2622?
Check the references section above for vendor advisories and patch information. Affected products include: Altiris Deployment Server Extension For Ibm Director.