CVE-2009-3109

Name of the Vulnerable Software and Affected Versions: Symantec Altiris Deployment Solution versions 6.9.x before 6.9 SP3 Build 430

Description: The issue allows remote attackers to bypass authentication and execute arbitrary commands as SYSTEM by spoofing the deployment server and sending alternate commands before the handshake is completed, when key-based authentication is being used between a deployment server and a client.

Recommendations: For Symantec Altiris Deployment Solution versions 6.9.x before 6.9 SP3 Build 430, update to 6.9 SP3 Build 430 or later to resolve the issue.