CVE-2009-3035

Sažetak

The web console in Symantec Altiris Notification Server 6.0.x before 6.0 SP3 R12 uses a hardcoded key that can decrypt SQL Server credentials and certain discovery credentials, and stores this key on the Notification Server machine, which allows local users to obtain sensitive information and possibly execute arbitrary code by decrypting and using these credentials.

Reference

http://osvdb.org/62010
http://secunia.com/advisories/38356
http://www.securityfocus.com/bid/37953
http://www.securitytracker.com/id?1023521
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100128_00
http://www.vupen.com/english/advisories/2010/0256
https://exchange.xforce.ibmcloud.com/vulnerabilities/55952

CVSS

Base:	4.3
Impact:	6.4
Exploitability:	3.1

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

17-08-2017 - 01:31

Objavljeno

02-02-2010 - 16:30