FKIE_CVE-2009-3110

Vulnerability from fkie_nvd - Published: 2009-09-08 23:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does.
References
cve@mitre.orghttp://secunia.com/advisories/36502Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/36113
cve@mitre.orghttp://www.securitytracker.com/id?1022779
cve@mitre.orghttp://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36502Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/36113
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1022779
af854a3a-2127-422b-91ae-364da2661108http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00
Impacted products
Vendor Product Version
symantec altiris_deployment_solution 6.9
symantec altiris_deployment_solution 6.9
symantec altiris_deployment_solution 6.9.164
symantec altiris_deployment_solution 6.9.176
symantec altiris_deployment_solution 6.9.355
symantec altiris_deployment_solution 6.9.355
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0002047-0965-4086-A5E6-AEC02200B6CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "EBD29C7F-B147-4CDE-8AC3-FCA6CA15C464",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9.164:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA744B2A-B81E-4E97-A720-307041478B97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9.176:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9301CFC-5925-4249-8439-5E2BBAF06687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9.355:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4070F9F-F63E-4708-8DA0-339A777383B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9.355:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "5C9DD5AC-7E4C-4A62-A5B3-B179359635A1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does."
    },
    {
      "lang": "es",
      "value": "Condici\u00f3n de carrera en la funcionalidad de transferencia de ficheros en Symantec Altiris Deployment Solution v6.9.x anterior a v6.9 SP3 Build 430, permite a atacantes remotos leer archivos sensibles y prevenir las actualizaciones de los clientes mediante la conexi\u00f3n a un puerto de transferencia antes de que lo  haga el autentico cliente."
    }
  ],
  "id": "CVE-2009-3110",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-09-08T23:30:00.657",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36502"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/36113"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1022779"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090826_00"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36502"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/36113"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022779"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090826_00"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.