Symantec's Altiris Deployment Solution - Client/Server Authentication Bypass
- Published: 7 Jan 2010
Symantec’s Altiris Deployment Solution - Client/Server Authentication Bypass
CVE-2009-3109
Share
Type
- Symantec’s Altiris Deployment Solution – Client/Server Authentication Bypass
Severity
- High
Affected products
- Symantec’s Altiris Deployment Solution
Date
- 2010-01-07
CVE Reference
- CVE-2009-3109
A vulnerability has been identified in the software agent in the client that connects to the deployment server. It does not properly track the current authentication status of the server to which it connects and so can be tricked into accepting commands without verifying the authenticity of the server.