Symantec Altiris NS Key Unauthorized Access Vulnerability Network Vulnerability

Summary

This host is installed with Symantec Altiris Notification Server and is prone to unauthorized access vulnerability.

Impact

Successful exploitation let attackers to access certain encrypted credentials and encryption keys and also execute code, obtain sensitive information, or perform actions with elevated privileges. Impact Level: Application

Solution

Update to Symantec Altiris Notification Server 6.0 SP3 R12 For updates refer to https://kb.altiris.com/article.asp?article=46763&p=1

Insight

The flaw is due to the application using a static encryption key to encrypt and store certain credentials.

Affected

Symantec Altiris Notification Server versions 6.0.x before 6.0 SP3 R12

References

http://secunia.com/advisories/38356
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100128_00
http://xforce.iss.net/xforce/xfdb/55952

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3035
CVSS Base Score: 4.3
AV:L/AC:L/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities (Win)
Apache Tomcat Multiple Vulnerabilities - 01 Mar14
Apple iTunes Tutorials Window Security Bypass Vulnerability (Windows)
Apache Tomcat Multiple Vulnerabilities - 02 Mar14
Adobe Reader Information Disclosure & Code Execution Vulnerabilities (Linux)

Take action and discover your vulnerabilities