Vulnerability Description
Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Altiris Deployment Solution | 6.9 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/36502Broken LinkVendor Advisory
- http://www.securityfocus.com/bid/36110Broken LinkThird Party AdvisoryVDB Entry
- http://www.securitytracker.com/id?1022779Broken LinkThird Party AdvisoryVDB Entry
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securitBroken Link
- http://secunia.com/advisories/36502Broken LinkVendor Advisory
- http://www.securityfocus.com/bid/36110Broken LinkThird Party AdvisoryVDB Entry
- http://www.securitytracker.com/id?1022779Broken LinkThird Party AdvisoryVDB Entry
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securitBroken Link
FAQ
What is CVE-2009-3107?
CVE-2009-3107 is a vulnerability with a CVSS score of 4.8 (MEDIUM). Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentic...
How severe is CVE-2009-3107?
CVE-2009-3107 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-3107?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Altiris Deployment Solution.