Symantec's Altiris Deployment Solution - Client/Server Authentication Bypass
- Published: 7 Jan 2010
- Type: Symantec's Altiris Deployment Solution – Client/Server Authentication Bypass
- Severity: High
Affected Products
Symantec's Altiris Deployment Solution
CVE
CVE-2009-3109
A vulnerability has been identified in the software agent in the client that connects to the deployment server. It does not properly track the current authentication status of the server to which it connects and so can be tricked into accepting commands without verifying the authenticity of the server.