CyberSec.Space Logo
Back to CVE Browser

CVE-2009-3109

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0340%
EPSS Percentile37.95th
PublishedSep 8, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Unspecified vulnerability in the AClient agent in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430, when key-based authentication is being used between a deployment server and a client, allows remote attackers to bypass authentication and execute arbitrary commands as SYSTEM by spoofing the deployment server and sending "alternate commands" before the handshake is completed.

Affected Platforms (CPE)

πŸ“¦
Symantec

Altiris Deployment Solution

= 6.9
πŸ“¦
Symantec

Altiris Deployment Solution

= 6.9
πŸ“¦
Symantec

Altiris Deployment Solution

= 6.9

References & Advisories

πŸ”— http://secunia.com/advisories/36502
πŸ”— http://www.securityfocus.com/bid/36112
πŸ”— http://www.securitytracker.com/id?1022779
πŸ”— http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00
πŸ”— http://secunia.com/advisories/36502
πŸ”— http://www.securityfocus.com/bid/36112
πŸ”— http://www.securitytracker.com/id?1022779
πŸ”— http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00

Related Vulnerabilities

CVE-2009-317910.0

Multiple unspecified vulnerabilities in Symantec Altiris Deployment Solution 6.9 might allow remote attackers to execute arbitrary...

CVE-2012-029010.0

Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris...

CVE-2004-262210.0

AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it co...

CVE-2009-30319.3

Stack-based buffer overflow in the BrowseAndSaveFile method in the Altiris eXpress NS ConsoleUtilities ActiveX control 6.0.0.1846 ...