CVE-2004-2622 - Doty Moonlight

Description

AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it connects to which allows remote malicious servers to gain administrator access.

Reference

http://archives.neohapsis.com/archives/bugtraq/2004-10/0211.html http://archives.neohapsis.com/archives/bugtraq/2004-10/0266.html http://packetstorm.linuxsecurity.com/0410-advisories/index2.html http://www.altiris.com/support/forum/Framesearch.aspx?vpath=/aexkb/public%20articles/6.x/deployment%20solution/kb/ds%20client%20security%20kb%20article%2010-22-04.doc&art=AKB6859&source=Altiris%20Helpdesk&artID=23644&refpara=532392&key=akb6859 http://www.securityfocus.com/bid/11498 http://www.osvdb.org/11031 http://securitytracker.com/id?1011862 http://secunia.com/advisories/12944 https://exchange.xforce.ibmcloud.com/vulnerabilities/17814