Vulnerabilities > CVE-2004-2622 - Remote Command Execution vulnerability in Altiris Deployment Server

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

altiris

critical

NVD

Published: 2004-12-31

Updated: 2017-07-20

Summary

AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it connects to, which allows remote malicious servers to gain administrator access.

Vulnerable Configurations

Part	Description	Count
Application	Altiris Altiris Deployment Server Extension FOR IBM Director 5.0.1 Altiris Deployment Server Extension FOR IBM Director 5.5 Altiris Deployment Server Extension FOR IBM Director 6.0 Altiris Deployment Server Extension FOR IBM Director 6.1	5

References

http://archives.neohapsis.com/archives/bugtraq/2004-10/0211.html
http://archives.neohapsis.com/archives/bugtraq/2004-10/0266.html
http://packetstorm.linuxsecurity.com/0410-advisories/index2.html
http://secunia.com/advisories/12944
http://securitytracker.com/id?1011862
http://www.altiris.com/support/forum/Framesearch.aspx?vpath=/aexkb/public%20articles/6.x/deployment%20solution/kb/ds%20client%20security%20kb%20article%2010-22-04.doc&art=AKB6859&source=Altiris%20Helpdesk&artID=23644&refpara=532392&key=akb6859
http://www.osvdb.org/11031
http://www.securityfocus.com/bid/11498
https://exchange.xforce.ibmcloud.com/vulnerabilities/17814