CVE-2004-2622

Sažetak

AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it connects to, which allows remote malicious servers to gain administrator access.

Reference

http://archives.neohapsis.com/archives/bugtraq/2004-10/0211.html
http://archives.neohapsis.com/archives/bugtraq/2004-10/0266.html
http://packetstorm.linuxsecurity.com/0410-advisories/index2.html
http://secunia.com/advisories/12944
http://securitytracker.com/id?1011862
http://www.altiris.com/support/forum/Framesearch.aspx?vpath=/aexkb/public%20articles/6.x/deployment%20solution/kb/ds%20client%20security%20kb%20article%2010-22-04.doc&art=AKB6859&source=Altiris%20Helpdesk&artID=23644&refpara=532392&key=akb6859
http://www.osvdb.org/11031
http://www.securityfocus.com/bid/11498
https://exchange.xforce.ibmcloud.com/vulnerabilities/17814

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

20-07-2017 - 01:29

Objavljeno

31-12-2004 - 05:00