{"api_version":"1","generated_at":"2026-04-23T11:59:37+00:00","cve":"CVE-2009-3110","urls":{"html":"https://cve.report/CVE-2009-3110","api":"https://cve.report/api/cve/CVE-2009-3110.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2009-3110","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2009-3110"},"summary":{"title":"CVE-2009-3110","description":"Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does.","state":"PUBLISHED","assigner":"mitre","published_at":"2009-09-08 23:30:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-362","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5.8","severity":"","vector":"AV:N/AC:M/Au:N/C:P/I:N/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:P","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://www.securityfocus.com/bid/36113","name":"http://www.securityfocus.com/bid/36113","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Symantec Altiris Deployment Solution File Transfer Authentication Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/36502","name":"http://secunia.com/advisories/36502","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Symantec Altiris Deployment Solution Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00","name":"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Security Advisories Relating to Symantec Products - Symantec Altiris Deployment Solution Multiple Vulnerabilities - August 26, 2009 | Symantec","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1022779","name":"http://www.securitytracker.com/id?1022779","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityTracker.com Archives - Symantec Altiris Deployment Solution Multiple Flaws Let Remote Users Modify the Configuration, Execute Arbitrary Commands, and Deny Service","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2009-3110","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-3110","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2009","cve_id":"3110","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"altiris_deployment_solution","cpe6":"6.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3110","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"altiris_deployment_solution","cpe6":"6.9","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3110","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"altiris_deployment_solution","cpe6":"6.9.164","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3110","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"altiris_deployment_solution","cpe6":"6.9.176","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3110","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"altiris_deployment_solution","cpe6":"6.9.355","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3110","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"altiris_deployment_solution","cpe6":"6.9.355","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T06:14:55.566Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"36502","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/36502"},{"name":"36113","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/36113"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00"},{"name":"1022779","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1022779"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2009-08-26T00:00:00.000Z","descriptions":[{"lang":"en","value":"Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2013-02-07T10:00:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"36502","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/36502"},{"name":"36113","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/36113"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00"},{"name":"1022779","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1022779"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2009-3110","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"36502","refsource":"SECUNIA","url":"http://secunia.com/advisories/36502"},{"name":"36113","refsource":"BID","url":"http://www.securityfocus.com/bid/36113"},{"name":"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00","refsource":"CONFIRM","url":"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00"},{"name":"1022779","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1022779"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2009-3110","datePublished":"2009-09-08T23:00:00.000Z","dateReserved":"2009-09-08T00:00:00.000Z","dateUpdated":"2024-08-07T06:14:55.566Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2009-09-08 23:30:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-362","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:P","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*","matchCriteriaId":"F0002047-0965-4086-A5E6-AEC02200B6CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp1:*:*:*:*:*:*","matchCriteriaId":"EBD29C7F-B147-4CDE-8AC3-FCA6CA15C464"},{"vulnerable":true,"criteria":"cpe:2.3:a:symantec:altiris_deployment_solution:6.9.164:*:*:*:*:*:*:*","matchCriteriaId":"BA744B2A-B81E-4E97-A720-307041478B97"},{"vulnerable":true,"criteria":"cpe:2.3:a:symantec:altiris_deployment_solution:6.9.176:*:*:*:*:*:*:*","matchCriteriaId":"E9301CFC-5925-4249-8439-5E2BBAF06687"},{"vulnerable":true,"criteria":"cpe:2.3:a:symantec:altiris_deployment_solution:6.9.355:*:*:*:*:*:*:*","matchCriteriaId":"E4070F9F-F63E-4708-8DA0-339A777383B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:symantec:altiris_deployment_solution:6.9.355:sp1:*:*:*:*:*:*","matchCriteriaId":"5C9DD5AC-7E4C-4A62-A5B3-B179359635A1"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2009","CveId":"3110","Ordinal":"1","Title":"CVE-2009-3110","CVE":"CVE-2009-3110","Year":"2009"},"notes":[{"CveYear":"2009","CveId":"3110","Ordinal":"1","NoteData":"Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does.","Type":"Description","Title":"CVE-2009-3110"},{"CveYear":"2009","CveId":"3110","Ordinal":"2","NoteData":"2009-09-08","Type":"Other","Title":"Published"},{"CveYear":"2009","CveId":"3110","Ordinal":"3","NoteData":"2013-02-07","Type":"Other","Title":"Modified"}]}}}