CVE-2004-2622
CVSS 10.0
Published: 2004-12-31 00:00:00
Last revised: 2008-09-05 16:44:39

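[Original] AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it connects to, which allows remote malicious servers to gain administrator access.


[CNNVD] Altiris Deployment Server Remote Client Control Vulnerability (CNNVD-200412-831)

        Altiris Deployment Server is a solution for automating installation work across multiple servers.
        Altiris Deployment Server has a security issue that a remote attacker can exploit to take control of all target client systems.
        Brian Gallagher reported that the 'AClient.exe' client process does not perform any authentication of its connection to the Deployment Server, so a malicious server program can control the connecting client systems with administrator privileges.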

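- CVSS (base score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause the system to go down completely]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]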

- CPE (affected platforms and products)

cpe:/a:altiris:deployment_server_extension_for_ibm_director:6.1 (Altiris Deployment Server 6.1)
cpe:/a:altiris:deployment_server_extension_for_ibm_director:5.5 (Altiris Deployment Server 5.5)
cpe:/a:altiris:deployment_server_extension_for_ibm_director:6.1:sp1
cpe:/a:altiris:deployment_server_extension_for_ibm_director:5.0.1 (Altiris Deployment Server 5.0.1)
cpe:/a:altiris:deployment_server_extension_for_ibm_director:6.0 (Altiris Deployment Server 6.0)

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2622
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2622
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-831
(official data source) CNNVD

- Other links and resources

http://xforce.iss.net/xforce/xfdb/17814
(UNKNOWN)  XF  altiris-gain-unauth-access(17814)
http://www.securityfocus.com/bid/11498
(UNKNOWN)  BID  11498
http://www.osvdb.org/11031
(UNKNOWN)  OSVDB  11031
http://www.altiris.com/support/forum/Framesearch.aspx?vpath=/aexkb/public%20articles/6.x/deployment%20solution/kb/ds%20client%20security%20kb%20article%2010-22-04.doc&art=AKB6859&source=Altiris%20Helpdesk&artID=23644&refpara=532392&key=akb6859
(UNKNOWN)  CONFIRM  http://www.altiris.com/support/forum/Framesearch.aspx?vpath=/aexkb/public%20articles/6.x/deployment%20solution/kb/ds%20client%20security%20kb%20article%2010-22-04.doc&art=AKB6859&source=Altiris%20Helpdesk&artID=23644&refpara=532392&key=akb6859
http://securitytracker.com/id?1011862
(VENDOR_ADVISORY)  SECTRACK  1011862
http://secunia.com/advisories/12944
(VENDOR_ADVISORY)  SECUNIA  12944
http://packetstorm.linuxsecurity.com/0410-advisories/index2.html
(UNKNOWN)  CONFIRM  http://packetstorm.linuxsecurity.com/0410-advisories/index2.html
http://archives.neohapsis.com/archives/bugtraq/2004-10/0266.html
(UNKNOWN)  BUGTRAQ  20041025 RE: Critical Vulnerability in Altiris Deployment Server architecture
http://archives.neohapsis.com/archives/bugtraq/2004-10/0211.html
(VENDOR_ADVISORY)  BUGTRAQ  20041021 Critical Vulnerability in Altiris Deployment Server architecture

- Vulnerability information

Altiris Deployment Server Remote Client Control Vulnerability
Critical  Access validation error
2004-12-31 00:00:00 2005-12-19 00:00:00
Remote

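- Advisories and patches

        Temporary workarounds:
        If you cannot install a patch or upgrade immediately, CNNVD recommends the following measures to reduce the threat:
        * When installing ACLIENT.EXE, do not use the "Use TCP/IP Multicast to locate a Deployment Server" option; specify a fixed IP address and port number.
        * When installing ACLIENT.EXE, use the "Encrypt Sessions with Server" and "Require Encrypted Sessions with Server" options.
        * When installing ACLIENT.EXE, use the "Remain Connected to the server" option.
        * Do not use the "Advertise the server this client is connected to through multicasting" option.
        Vendor patch:
        Altiris
        -------
        The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version:

        http://www.altiris.com/products/deploymentsol/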

- Vulnerability information

11031
Altiris Deployment Solution AClient.exe Unauthenticated Remote Access
Remote / Network Access Authentication Management
Loss of Integrity
Exploit Public

- Vulnerability description

Deployment Solution contains a flaw that may allow a malicious user to gain full administrative access to clients on the network. The issue is due to the AClient.exe process not requesting any authentication from the server and is triggered when the attacker tricks a client into connecting to a malicious Deployment Solution server. It is possible that the flaw may allow the attacker to gain full administrative access and remote control of the client, resulting in a loss of integrity.

- Timeline

2004-10-21 Unknown
2004-10-21 Unknown

- Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s):
1) Do not use the "Use TCP/IP Multicast to locate a Deployment Server" option when installing aclient.exe. Put in a fixed IP address and Port number when installing the client.
2) Turn on the "Encrypt Sessions with Server" and the "Require Encrypted Sessions with Server" options when installing aclient.exe.
3) Turn on the "Remain Connected to the server" option when installing aclient.exe.
4) Do not use the "Advertise the server this client is connected to through multicasting" option unless absolutely required.
