CVE-2005-1590

The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows local users to disable password protection and access the administrative interface by finding and showing the "Altiris Client Service" hidden window, disabling the password protection, disabling the "Hide client tray icon box" option, then opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2004-2070.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0614.html	Exploit Vendor Advisory
http://secunia.com/advisories/15159	Vendor Advisory
http://www.osvdb.org/15897	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:altiris:client_service:6.0.88:::::::*
	cpe:2.3:a:altiris:deployment_solution:5.6:sp1::::::
	cpe:2.3:a:altiris:deployment_solution:5.6.181:::::::*
	cpe:2.3:a:altiris:deployment_solution:6.0:::::::*

History

No history.

Information

Published : 2005-05-16 04:00

Updated : 2023-12-10 10:28

NVD link : CVE-2005-1590

Mitre link : CVE-2005-1590

CVE.ORG link : CVE-2005-1590

JSON object : View

Products Affected

altiris

deployment_solution
client_service

CWE

NVD-CWE-Other

{"id": "CVE-2005-1590", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2005-05-16T04:00:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0614.html", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/15159", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/15897", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows local users to disable password protection and access the administrative interface by finding and showing the \"Altiris Client Service\" hidden window, disabling the password protection, disabling the \"Hide client tray icon box\" option, then opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2004-2070."}], "lastModified": "2008-09-05T20:49:33.123", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:altiris:client_service:6.0.88:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "055CDF89-6BB9-40FB-9972-E29A812B0763"}, {"criteria": "cpe:2.3:a:altiris:deployment_solution:5.6:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BB400B1-E748-4523-877C-AA254877CCC2"}, {"criteria": "cpe:2.3:a:altiris:deployment_solution:5.6.181:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C413719-FF42-4EAA-A524-5DE756457124"}, {"criteria": "cpe:2.3:a:altiris:deployment_solution:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A834C4D-ADDF-4FAB-A0F6-9288C4655450"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}