CVE-2004-2622

AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it connects to, which allows remote malicious servers to gain administrator access.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2004-10/0211.html	Vendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2004-10/0266.html
http://packetstorm.linuxsecurity.com/0410-advisories/index2.html
http://secunia.com/advisories/12944	Vendor Advisory
http://securitytracker.com/id?1011862	Vendor Advisory
http://www.altiris.com/support/forum/Framesearch.aspx?vpath=/aexkb/public%20articles/6.x/deployment%20solution/kb/ds%20client%20security%20kb%20article%2010-22-04.doc&art=AKB6859&source=Altiris%20Helpdesk&artID=23644&refpara=532392&key=akb6859
http://www.osvdb.org/11031
http://www.securityfocus.com/bid/11498
https://exchange.xforce.ibmcloud.com/vulnerabilities/17814

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:altiris:deployment_server_extension_for_ibm_director:5.0.1:::::::*
	cpe:2.3:a:altiris:deployment_server_extension_for_ibm_director:5.5:::::::*
	cpe:2.3:a:altiris:deployment_server_extension_for_ibm_director:6.0:::::::*
	cpe:2.3:a:altiris:deployment_server_extension_for_ibm_director:6.1:::::::*
	cpe:2.3:a:altiris:deployment_server_extension_for_ibm_director:6.1:sp1::::::

History

No history.

Information

Published : 2004-12-31 05:00

Updated : 2023-12-10 10:28

NVD link : CVE-2004-2622

Mitre link : CVE-2004-2622

CVE.ORG link : CVE-2004-2622

JSON object : View

Products Affected

altiris

deployment_server_extension_for_ibm_director

CWE

NVD-CWE-Other

{"id": "CVE-2004-2622", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2004-12-31T05:00:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0211.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0266.html", "source": "cve@mitre.org"}, {"url": "http://packetstorm.linuxsecurity.com/0410-advisories/index2.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/12944", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1011862", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.altiris.com/support/forum/Framesearch.aspx?vpath=/aexkb/public%20articles/6.x/deployment%20solution/kb/ds%20client%20security%20kb%20article%2010-22-04.doc&art=AKB6859&source=Altiris%20Helpdesk&artID=23644&refpara=532392&key=akb6859", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/11031", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/11498", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17814", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it connects to, which allows remote malicious servers to gain administrator access."}], "lastModified": "2017-07-20T01:29:02.503", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:altiris:deployment_server_extension_for_ibm_director:5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA040850-DCAF-46F4-B71B-01F568357E02"}, {"criteria": "cpe:2.3:a:altiris:deployment_server_extension_for_ibm_director:5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1066B592-FF74-4EA0-BC6B-303E55360AEC"}, {"criteria": "cpe:2.3:a:altiris:deployment_server_extension_for_ibm_director:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B04343ED-B796-4205-9826-247E6218829E"}, {"criteria": "cpe:2.3:a:altiris:deployment_server_extension_for_ibm_director:6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94A19001-29B1-4C22-B863-7BD6C9AF87F2"}, {"criteria": "cpe:2.3:a:altiris:deployment_server_extension_for_ibm_director:6.1:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01B173BC-734F-42AE-A4F3-C4E1DFD4DCDA"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}