Symantec AntiVirus For Macintosh Mount Scan Local Privilege Escalation Vulnerability
BID:26253
Info
Symantec AntiVirus For Macintosh Mount Scan Local Privilege Escalation Vulnerability
| Bugtraq ID: | 26253 |
| Class: | Design Error |
| CVE: |
CVE-2007-5829 |
| Remote: | No |
| Local: | Yes |
| Published: | Nov 01 2007 12:00AM |
| Updated: | Feb 28 2008 04:12PM |
| Credit: | William Carrel is credited with discovering this vulnerability. |
| Vulnerable: |
Symantec Norton Antivirus for Macintosh 9.0 Symantec Norton Antivirus for Macintosh 10.0 Symantec Internet Security for Macintosh 3.0 Symantec AntiVirus for Macintosh 10.1 Symantec AntiVirus for Macintosh 10.0 |
| Not Vulnerable: |
Symantec Norton Antivirus for Macintosh 11.0 Symantec AntiVirus for Macintosh 10.2 |
Discussion
Symantec AntiVirus For Macintosh Mount Scan Local Privilege Escalation Vulnerability
Symantec AntiVirus for Macintosh is prone to a local privilege-escalation vulnerability. This issue occurs in the Mount Scan feature.
An attacker with group 'admin' privileges can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.
Symantec AntiVirus for Macintosh is prone to a local privilege-escalation vulnerability. This issue occurs in the Mount Scan feature.
An attacker with group 'admin' privileges can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.
Exploit / POC
Symantec AntiVirus For Macintosh Mount Scan Local Privilege Escalation Vulnerability
To exploit this issue, an attacker uses standard utilities on affected computers.
To exploit this issue, an attacker uses standard utilities on affected computers.
Solution / Fix
Symantec AntiVirus For Macintosh Mount Scan Local Privilege Escalation Vulnerability
Solution:
The vendor released an advisory to address this issue. Please see the references for more information.
Solution:
The vendor released an advisory to address this issue. Please see the references for more information.
References
Symantec AntiVirus For Macintosh Mount Scan Local Privilege Escalation Vulnerability
References:
References:
- Norton AntiVirus for Macintosh Homepage (Symantec)
- Security Advisory: Norton AntiVirus for Macintosh (William Carrel)
- SYM07-028 - Symantec AntiVirus for Macintosh and Norton AntiVirus for Macintosh (Symantec)
- SYM07-028: Symantec AntiVirus for Macintosh and Norton AntiVirus for Macintosh L (Symantec)
- SYM07-028: Symantec AntiVirus for Macintosh and Norton AntiVirus for Macintosh L (Symantec)