CVE-2009-3110 - OpenCVE

Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Symantec	Altiris Deployment Solution

Configuration 1 [-]

OR	cpe:2.3:a:symantec:altiris_deployment_solution:6.9:::::::*
	cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp1::::::
	cpe:2.3:a:symantec:altiris_deployment_solution:6.9.164:::::::*
	cpe:2.3:a:symantec:altiris_deployment_solution:6.9.176:::::::*
	cpe:2.3:a:symantec:altiris_deployment_solution:6.9.355:::::::*
	cpe:2.3:a:symantec:altiris_deployment_solution:6.9.355:sp1::::::

References

Link	Resource
http://secunia.com/advisories/36502	Vendor Advisory
http://www.securityfocus.com/bid/36113
http://www.securitytracker.com/id?1022779
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2009-09-08T23:00:00

Updated: 2013-02-07T10:00:00

Reserved: 2009-09-08T00:00:00

Link: CVE-2009-3110

JSON object: View

NVD Information

Status : Modified

Published: 2009-09-08T23:30:00.657

Modified: 2013-02-07T04:21:39.717

Link: CVE-2009-3110

JSON object: View

Redhat Information

No data.

CWE

CWE-362

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-08-26T00:00:00", "descriptions": [{"lang": "en", "value": "Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-02-07T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "36502", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36502"}, {"name": "36113", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/36113"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00"}, {"name": "1022779", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1022779"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3110", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "36502", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36502"}, {"name": "36113", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36113"}, {"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00", "refsource": "CONFIRM", "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00"}, {"name": "1022779", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022779"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3110", "datePublished": "2009-09-08T23:00:00", "dateReserved": "2009-09-08T00:00:00", "dateUpdated": "2013-02-07T10:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*", "matchCriteriaId": "F0002047-0965-4086-A5E6-AEC02200B6CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp1:*:*:*:*:*:*", "matchCriteriaId": "EBD29C7F-B147-4CDE-8AC3-FCA6CA15C464", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9.164:*:*:*:*:*:*:*", "matchCriteriaId": "BA744B2A-B81E-4E97-A720-307041478B97", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9.176:*:*:*:*:*:*:*", "matchCriteriaId": "E9301CFC-5925-4249-8439-5E2BBAF06687", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9.355:*:*:*:*:*:*:*", "matchCriteriaId": "E4070F9F-F63E-4708-8DA0-339A777383B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9.355:sp1:*:*:*:*:*:*", "matchCriteriaId": "5C9DD5AC-7E4C-4A62-A5B3-B179359635A1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does."}, {"lang": "es", "value": "Condici\u00f3n de carrera en la funcionalidad de transferencia de ficheros en Symantec Altiris Deployment Solution v6.9.x anterior a v6.9 SP3 Build 430, permite a atacantes remotos leer archivos sensibles y prevenir las actualizaciones de los clientes mediante la conexi\u00f3n a un puerto de transferencia antes de que lo haga el autentico cliente."}], "id": "CVE-2009-3110", "lastModified": "2013-02-07T04:21:39.717", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-09-08T23:30:00.657", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/36502"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/36113"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1022779"}, {"source": "cve@mitre.org", "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}