CVE-2004-2622

AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it connects to, which allows remote malicious servers to gain administrator access.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2004-10/0211.html	Vendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2004-10/0266.html
http://packetstorm.linuxsecurity.com/0410-advisories/index2.html
http://www.altiris.com/support/forum/Framesearch.aspx?vpath=/aexkb/public%20articles/6.x/deployment%20solution/kb/ds%20client%20security%20kb%20article%2010-22-04.doc&art=AKB6859&source=Altiris%20Helpdesk&artID=23644&refpara=532392&key=akb6859
http://www.securityfocus.com/bid/11498
http://www.osvdb.org/11031
http://securitytracker.com/id?1011862	Vendor Advisory
http://secunia.com/advisories/12944	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17814

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:altiris:deployment_server_extension_for_ibm_director:5.0.1:::::::*
	cpe:2.3:a:altiris:deployment_server_extension_for_ibm_director:6.1:::::::*
	cpe:2.3:a:altiris:deployment_server_extension_for_ibm_director:6.1:sp1::::::
	cpe:2.3:a:altiris:deployment_server_extension_for_ibm_director:5.5:::::::*
	cpe:2.3:a:altiris:deployment_server_extension_for_ibm_director:6.0:::::::*

Information

Published : 2004-12-30 21:00

Updated : 2017-07-19 18:29

NVD link : CVE-2004-2622

Mitre link : CVE-2004-2622

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

altiris

deployment_server_extension_for_ibm_director

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0211.html", "name": "20041021 Critical Vulnerability in Altiris Deployment Server architecture", "tags": ["Vendor Advisory"], "refsource": "BUGTRAQ"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0266.html", "name": "20041025 RE: Critical Vulnerability in Altiris Deployment Server architecture", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://packetstorm.linuxsecurity.com/0410-advisories/index2.html", "name": "http://packetstorm.linuxsecurity.com/0410-advisories/index2.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.altiris.com/support/forum/Framesearch.aspx?vpath=/aexkb/public%20articles/6.x/deployment%20solution/kb/ds%20client%20security%20kb%20article%2010-22-04.doc&art=AKB6859&source=Altiris%20Helpdesk&artID=23644&refpara=532392&key=akb6859", "name": "http://www.altiris.com/support/forum/Framesearch.aspx?vpath=/aexkb/public%20articles/6.x/deployment%20solution/kb/ds%20client%20security%20kb%20article%2010-22-04.doc&art=AKB6859&source=Altiris%20Helpdesk&artID=23644&refpara=532392&key=akb6859", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/11498", "name": "11498", "tags": [], "refsource": "BID"}, {"url": "http://www.osvdb.org/11031", "name": "11031", "tags": [], "refsource": "OSVDB"}, {"url": "http://securitytracker.com/id?1011862", "name": "1011862", "tags": ["Vendor Advisory"], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/12944", "name": "12944", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17814", "name": "altiris-gain-unauth-access(17814)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it connects to, which allows remote malicious servers to gain administrator access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-2622", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2004-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:altiris:deployment_server_extension_for_ibm_director:5.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:altiris:deployment_server_extension_for_ibm_director:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:altiris:deployment_server_extension_for_ibm_director:6.1:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:altiris:deployment_server_extension_for_ibm_director:5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:altiris:deployment_server_extension_for_ibm_director:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-20T01:29Z"}