CVE-2009-3035

The web console in Symantec Altiris Notification Server 6.0.x before 6.0 SP3 R12 uses a hardcoded key that can decrypt SQL Server credentials and certain discovery credentials, and stores this key on the Notification Server machine, which allows local users to obtain sensitive information and possibly execute arbitrary code by decrypting and using these credentials.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:symantec:altiris_notification_server:6.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_notification_server:6.0:sp1:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_notification_server:6.0:sp2:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r7:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r8:*:*:*:*:*:*

Information

Published : 2010-02-02 08:30

Updated : 2017-08-16 18:31


NVD link : CVE-2009-3035

Mitre link : CVE-2009-3035


JSON object : View

CWE
CWE-255

Credentials Management Errors

Advertisement

dedicated server usa

Products Affected

symantec

  • altiris_notification_server