Vulnerability Description
The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 installs a client executable with insecure permissions (Everyone:Full Control), which allows local users to gain privileges by replacing the executable with a Trojan horse program.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Altiris Deployment Solution | 6.9 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/36502Vendor Advisory
- http://www.securityfocus.com/bid/36111
- http://www.securitytracker.com/id?1022779
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit
- http://secunia.com/advisories/36502Vendor Advisory
- http://www.securityfocus.com/bid/36111
- http://www.securitytracker.com/id?1022779
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit
FAQ
What is CVE-2009-3108?
CVE-2009-3108 is a vulnerability with a CVSS score of 7.2 (HIGH). The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 installs a client executable with insecure permissions (Everyone:Full Control), which allows local users to gain ...
How severe is CVE-2009-3108?
CVE-2009-3108 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-3108?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Altiris Deployment Solution.