CVE-2009-3033: Buffer Overflow
First published: Wed Nov 25 2009(Updated: )
Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec Altiris Notification Server | =6.0_sp3 | |
| Symantec Altiris Notification Server | =6.0-sp3 | |
| Symantec Altiris Management Platform | =7.0 | |
| Symantec Deployment Solution | =6.9-sp2 | |
| Symantec Deployment Solution | =6.9 | |
| Symantec Altiris Notification Server | =6.0-sp3_r7 | |
| Symantec Deployment Solution | =6.9-sp1 | |
| Symantec Deployment Solution | =6.9.164 | |
| Symantec Altiris Notification Server | =6.0-sp2 | |
| Symantec Altiris Management Platform | =7.0-sp1 | |
| Symantec Deployment Solution | =6.9.176 | |
| Symantec Deployment Solution | =6.9-sp3 | |
| Symantec Deployment Solution | =6.9.355-sp1 | |
| Symantec Altiris Notification Server | =6.0 | |
| Symantec Altiris Notification Server | =6.0-sp1 | |
| Symantec Deployment Solution | =6.9.355 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://kb.altiris.com/article.asp?article=50072&p=1
- http://www.vupen.com/english/advisories/2009/3328
- https://kb.altiris.com/article.asp?article=50279&p=1
- http://www.securityfocus.com/bid/37092
- http://osvdb.org/60496
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091124_00
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54415
Frequently Asked Questions
What is the severity of CVE-2009-3033?
CVE-2009-3033 is classified as a critical vulnerability that allows remote code execution via a buffer overflow.
How do I fix CVE-2009-3033?
To fix CVE-2009-3033, upgrade to the latest version of Symantec Altiris products that are not vulnerable.
What products are affected by CVE-2009-3033?
CVE-2009-3033 affects Symantec Altiris Notification Server versions 6.0.x, Altiris Deployment Solution 6.9.x, and Management Platform 7.0.x.
Can CVE-2009-3033 be exploited remotely?
Yes, CVE-2009-3033 can be exploited remotely by an attacker to execute arbitrary code.
What is the impact of CVE-2009-3033?
The impact of CVE-2009-3033 includes potential unauthorized access and control over affected systems.
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/symantec
- canonical/symantec altiris notification server
- version/symantec altiris notification server/6.0_sp3
- version/symantec altiris notification server/6.0-sp3
- canonical/symantec altiris management platform
- version/symantec altiris management platform/7.0
- canonical/symantec deployment solution
- version/symantec deployment solution/6.9-sp2
- version/symantec deployment solution/6.9
- version/symantec altiris notification server/6.0-sp3_r7
- version/symantec deployment solution/6.9-sp1
- version/symantec deployment solution/6.9.164
- version/symantec altiris notification server/6.0-sp2
- version/symantec altiris management platform/7.0-sp1
- version/symantec deployment solution/6.9.176
- version/symantec deployment solution/6.9-sp3
- version/symantec deployment solution/6.9.355-sp1
- version/symantec altiris notification server/6.0
- version/symantec altiris notification server/6.0-sp1
- version/symantec deployment solution/6.9.355