CVE-2004-2622 Information

Description

AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it connects to which allows remote malicious servers to gain administrator access.

Reference

http://archives.neohapsis.com/archives/bugtraq/2004-10/0211.html http://archives.neohapsis.com/archives/bugtraq/2004-10/0266.html http://packetstorm.linuxsecurity.com/0410-advisories/index2.html http://secunia.com/advisories/12944 http://securitytracker.com/id?1011862 http://www.altiris.com/support/forum/Framesearch.aspx?vpath=/aexkb/public20articles/6.x/deployment20solution/kb/ds20client20security20kb20article2010-22-04.doc&art=AKB6859&source=Altiris20Helpdesk&artID=23644&refpara=532392&key=akb6859 http://www.osvdb.org/11031 http://www.securityfocus.com/bid/11498 https://exchange.xforce.ibmcloud.com/vulnerabilities/17814