Details of VAR-200510-0260

ID

VAR-200510-0260

CVE

CVE-2005-3270

TITLE

Symantec LiveUpdate for Macintosh Local privilege elevation vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200510-155

DESCRIPTION

Untrusted search path vulnerability in DiskMountNotify for Symantec Norton AntiVirus 9.0.3 allows local users to gain privileges by modifying the PATH to reference a malicious (1) ps or (2) grep file. TITLE: Symantec Norton AntiVirus / LiveUpdate for Macintosh Privilege Escalation SECUNIA ADVISORY ID: SA17268 VERIFY ADVISORY: http://secunia.com/advisories/17268/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: Symantec Norton Utilities for Macintosh 8.x http://secunia.com/product/5953/ Symantec LiveUpdate for Macintosh 3.x http://secunia.com/product/5954/ Symantec Norton AntiVirus for Macintosh 10.x http://secunia.com/product/5949/ Symantec Norton AntiVirus for Macintosh 9.x http://secunia.com/product/5948/ Symantec Norton Internet Security for Macintosh 3.x http://secunia.com/product/5951/ Symantec Norton Personal Firewall for Macintosh 3.x http://secunia.com/product/5950/ Symantec Norton SystemWorks for Macintosh 3.x http://secunia.com/product/5952/ DESCRIPTION: Some vulnerabilities have been reported in Symantec Norton AntiVirus for Macintosh and Symantec LiveUpdate for Macintosh, which can be exploited by malicious, local users to gain escalated privileges. 1) The suid "DiskMountNotify" component of Symantec Norton AntiVirus for Macintosh fails to set its execution path environment. This may be exploited by malicious users to execute arbitrary commands with System Administrative privileges by modifying the execution path that the component uses to locate system commands. The vulnerability has been reported in the following versions : * version 9.0.0, 9.0.1 * version 9.0.2 (English, Japanese) * version 9.0.2 Build 5 (French, German, Italian) * version 9.0.3 (English, Japanese) * version 10.0.0, 10.0.1 2) The LiveUpdate component uses a suid command-line application to interface with the Java interpreter. This can be exploited by malicious users to execute arbitrary Java code with System Administrative privileges using the interface application. The vulnerability has been reported in the following products: * LiveUpdate for Macintosh versions 3.0.0, 3.0.1 and 3.0.2 * LiveUpdate for Macintosh version 3.0.3 Build 5 (English) * LiveUpdate for Macintosh version 3.0.3 Build 11, 3.5.0 Build 47 * Norton AntiVirus 9.0.x, 10.0.0, 10.0.1 * Norton Personal Firewall 3.0.x, 3.1.0 * Norton Internet Security 3.0.x * Norton Utilities 8.0.x * Norton SystemWorks 3.0.x SOLUTION: Update to the latest version via Live Update. PROVIDED AND/OR DISCOVERED BY: The vendor credits iDEFENSE. ORIGINAL ADVISORY: http://securityresponse.symantec.com/avcenter/security/Content/2005.10.19.html http://securityresponse.symantec.com/avcenter/security/Content/2005.10.19a.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.08

sources: NVD: CVE-2005-3270 // VULHUB: VHN-14479 // PACKETSTORM: 40811

AFFECTED PRODUCTS

vendor:

symantec

model:

norton antivirus

scope:

version:

9.0.3

Trust: 1.6

sources: CNNVD: CNNVD-200510-155 // NVD: CVE-2005-3270

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-3270
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200510-155
value:	HIGH
Trust: 0.6
VULHUB:	VHN-14479
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2005-3270
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-14479
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-14479 // CNNVD: CNNVD-200510-155 // NVD: CVE-2005-3270

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-3270

THREAT TYPE

local

Trust: 0.7

sources: PACKETSTORM: 40811 // CNNVD: CNNVD-200510-155

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200510-155

EXTERNAL IDS

db:	SECUNIA	id:	17268	Trust: 1.8
db:	NVD	id:	CVE-2005-3270	Trust: 1.7
db:	BID	id:	15142	Trust: 1.7
db:	BID	id:	15143	Trust: 1.7
db:	SECTRACK	id:	1015084	Trust: 1.7
db:	CNNVD	id:	CNNVD-200510-155	Trust: 0.7
db:	IDEFENSE	id:	20051020 SYMANTEC NORTON ANTIVIRUS DISKMOUNTNOTIFY LOCAL PRIVILEGE ESCALATION	Trust: 0.6
db:	VULHUB	id:	VHN-14479	Trust: 0.1
db:	PACKETSTORM	id:	40811	Trust: 0.1

sources: VULHUB: VHN-14479 // PACKETSTORM: 40811 // CNNVD: CNNVD-200510-155 // NVD: CVE-2005-3270

REFERENCES

url:	http://www.securityfocus.com/bid/15142	Trust: 1.7
url:	http://www.securityfocus.com/bid/15143	Trust: 1.7
url:	http://securitytracker.com/id?1015084	Trust: 1.7
url:	http://secunia.com/advisories/17268	Trust: 1.7
url:	http://www.idefense.com/application/poi/display?id=325&type=vulnerabilities	Trust: 1.6
url:	http://www.idefense.com/application/poi/display?id=325&type=vulnerabilities	Trust: 0.1
url:	http://secunia.com/product/5953/	Trust: 0.1
url:	http://secunia.com/advisories/17268/	Trust: 0.1
url:	http://secunia.com/product/5950/	Trust: 0.1
url:	http://securityresponse.symantec.com/avcenter/security/content/2005.10.19a.html	Trust: 0.1
url:	http://secunia.com/product/5951/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://securityresponse.symantec.com/avcenter/security/content/2005.10.19.html	Trust: 0.1
url:	http://secunia.com/product/5954/	Trust: 0.1
url:	http://secunia.com/product/5952/	Trust: 0.1
url:	http://secunia.com/product/5949/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/product/5948/	Trust: 0.1

sources: VULHUB: VHN-14479 // PACKETSTORM: 40811 // CNNVD: CNNVD-200510-155 // NVD: CVE-2005-3270

CREDITS

Discovery is credited to DigitalMunition.com.

Trust: 0.6

sources: CNNVD: CNNVD-200510-155

SOURCES

db:	VULHUB	id:	VHN-14479
db:	PACKETSTORM	id:	40811
db:	CNNVD	id:	CNNVD-200510-155
db:	NVD	id:	CVE-2005-3270

LAST UPDATE DATE

2024-08-14T14:22:54.740000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-14479	date:	2008-09-05T00:00:00
db:	CNNVD	id:	CNNVD-200510-155	date:	2005-10-21T00:00:00
db:	NVD	id:	CVE-2005-3270	date:	2008-09-05T20:53:54.920

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-14479	date:	2005-10-21T00:00:00
db:	PACKETSTORM	id:	40811	date:	2005-10-21T17:57:17
db:	CNNVD	id:	CNNVD-200510-155	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2005-3270	date:	2005-10-21T01:02:00