CVE-2005-1590

The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows local users to disable password protection and access the administrative interface by finding and showing the "Altiris Client Service" hidden window, disabling the password protection, disabling the "Hide client tray icon box" option, then opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2004-2070.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0614.html	Exploit Vendor Advisory
http://www.osvdb.org/15897	Exploit Vendor Advisory
http://secunia.com/advisories/15159	Vendor Advisory

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:altiris:deployment_solution:5.6.181:::::::*
	cpe:2.3:a:altiris:deployment_solution:5.6:sp1::::::
	cpe:2.3:a:altiris:deployment_solution:6.0:::::::*
	cpe:2.3:a:altiris:client_service:6.0.88:::::::*

Information

Published : 2005-05-15 21:00

Updated : 2008-09-05 13:49

NVD link : CVE-2005-1590

Mitre link : CVE-2005-1590

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

altiris

client_service
deployment_solution

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0614.html", "name": "20050427 Privilege escalation and password protection bypass in Altiris Client Service for Windows (Version 6.0.88)", "tags": ["Exploit", "Vendor Advisory"], "refsource": "FULLDISC"}, {"url": "http://www.osvdb.org/15897", "name": "15897", "tags": ["Exploit", "Vendor Advisory"], "refsource": "OSVDB"}, {"url": "http://secunia.com/advisories/15159", "name": "15159", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows local users to disable password protection and access the administrative interface by finding and showing the \"Altiris Client Service\" hidden window, disabling the password protection, disabling the \"Hide client tray icon box\" option, then opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2004-2070."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-1590", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2005-05-16T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:altiris:deployment_solution:5.6.181:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:altiris:deployment_solution:5.6:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:altiris:deployment_solution:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:altiris:client_service:6.0.88:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2008-09-05T20:49Z"}