PT-2010-1281 · Symantec+1 · Symantec Altiris Notification Server+1
Published: 2010-02-02 · Updated: 2017-08-17 · CVE-2009-3035
CVSS v2.0: 4.3 (Medium)
Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Symantec Altiris Notification Server versions 6.0.x before 6.0 SP3 R12
Description
The issue concerns the web console in Symantec Altiris Notification Server, which uses a hardcoded key to decrypt SQL Server credentials and certain discovery credentials. This key is stored on the Notification Server machine, allowing local users to obtain sensitive information. Potentially, this could also enable local users to execute arbitrary code by decrypting and using these credentials.
Recommendations
For Symantec Altiris Notification Server versions 6.0.x before 6.0 SP3 R12, update to Symantec Altiris Notification Server 6.0 SP3 R12 or later to resolve the issue.
Affected Products
SQL Server
Symantec Altiris Notification Server