Details of VAR-200511-0453

ID

VAR-200511-0453

CVE

CVE-2005-3546

TITLE

F-Secure Anti-Virus Gatekeeper for Linux and F-Secure Anti-Virus Gateway for Linux Local privilege escalation vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200511-172

DESCRIPTION

suid.cgi scripts in F-Secure (1) Internet Gatekeeper for Linux before 2.15.484 and (2) Anti-Virus Linux Gateway before 2.16 are installed SUID with world-executable permissions, which allows local users to gain privilege. F-Secure Anti-Virus products are prone to a local privilege-escalation vulnerability because of insecure setuid-superuser binary permissions. Exploiting this vulnerability allows local attackers to gain superuser privileges, leading to a complete compromise of the affected computer. The vulnerability is caused due to several scripts being installed with the SUID bit set and are world executable. e.g. "/opt/f-secure/fsigk/cgi/*suid.cgi" and "/home/virusgw/cgi/*suid.cgi". These scripts can be exploited by malicious users to gain root privileges. * F-Secure Anti-Virus Linux Gateway versions prior to 2.16. SOLUTION: Update to the fixed version or remove SUID bit from affected scripts. -- Updating to fixed version -- F-Secure Internet Gatekeeper for Linux: Update to version 2.15.484. ftp://ftp.f-secure.com/support/hotfix/ http://www.f-secure.com/webclub/ F-Secure Anti-Virus Linux Gateway: Update to version 2.16. ORIGINAL ADVISORY: http://www.f-secure.com/security/fsc-2005-3.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.35

sources: NVD: CVE-2005-3546 // BID: 15339 // VULHUB: VHN-14755 // PACKETSTORM: 41316

AFFECTED PRODUCTS

vendor:	f secure	model:	internet gatekeeper	scope:	eq	version:	*	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	*	Trust: 1.0
vendor:	f secure	model:	internet gatekeeper	scope:	eq	version:	linux	Trust: 0.6
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	linux_gateways	Trust: 0.6
vendor:	f secure	model:	internet gatekeeper for linux	scope:	-	version:	-	Trust: 0.3
vendor:	f secure	model:	anti-virus for linux gateways	scope:	-	version:	-	Trust: 0.3
vendor:	f secure	model:	internet gatekeeper for linux	scope:	ne	version:	2.15.484	Trust: 0.3
vendor:	f secure	model:	anti-virus for linux gateways	scope:	ne	version:	2.16	Trust: 0.3

sources: BID: 15339 // CNNVD: CNNVD-200511-172 // NVD: CVE-2005-3546

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-3546
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200511-172
value:	HIGH
Trust: 0.6
VULHUB:	VHN-14755
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2005-3546
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-14755
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-14755 // CNNVD: CNNVD-200511-172 // NVD: CVE-2005-3546

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-3546

THREAT TYPE

local

Trust: 1.0

sources: BID: 15339 // PACKETSTORM: 41316 // CNNVD: CNNVD-200511-172

TYPE

Design Error

Trust: 0.9

sources: BID: 15339 // CNNVD: CNNVD-200511-172

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-14755

EXTERNAL IDS

db:	BID	id:	15339	Trust: 2.0
db:	NVD	id:	CVE-2005-3546	Trust: 2.0
db:	SECUNIA	id:	17467	Trust: 1.8
db:	OSVDB	id:	20541	Trust: 1.7
db:	OSVDB	id:	20539	Trust: 1.7
db:	OSVDB	id:	20552	Trust: 1.7
db:	OSVDB	id:	20549	Trust: 1.7
db:	OSVDB	id:	20544	Trust: 1.7
db:	OSVDB	id:	20551	Trust: 1.7
db:	OSVDB	id:	20545	Trust: 1.7
db:	OSVDB	id:	20550	Trust: 1.7
db:	OSVDB	id:	20537	Trust: 1.7
db:	OSVDB	id:	20543	Trust: 1.7
db:	OSVDB	id:	20546	Trust: 1.7
db:	OSVDB	id:	20542	Trust: 1.7
db:	OSVDB	id:	20538	Trust: 1.7
db:	OSVDB	id:	20548	Trust: 1.7
db:	OSVDB	id:	20540	Trust: 1.7
db:	OSVDB	id:	20513	Trust: 1.7
db:	OSVDB	id:	20547	Trust: 1.7
db:	SECTRACK	id:	1015159	Trust: 1.7
db:	SECTRACK	id:	1015160	Trust: 1.7
db:	VUPEN	id:	ADV-2005-2331	Trust: 1.7
db:	CNNVD	id:	CNNVD-200511-172	Trust: 0.7
db:	XF	id:	22966	Trust: 0.6
db:	SEEBUG	id:	SSVID-63280	Trust: 0.1
db:	EXPLOIT-DB	id:	1297	Trust: 0.1
db:	VULHUB	id:	VHN-14755	Trust: 0.1
db:	PACKETSTORM	id:	41316	Trust: 0.1

sources: VULHUB: VHN-14755 // BID: 15339 // PACKETSTORM: 41316 // CNNVD: CNNVD-200511-172 // NVD: CVE-2005-3546

REFERENCES

url:	http://www.f-secure.com/security/fsc-2005-3.shtml	Trust: 2.1
url:	http://www.securityfocus.com/bid/15339	Trust: 1.7
url:	http://www.osvdb.org/20513	Trust: 1.7
url:	http://www.osvdb.org/20537	Trust: 1.7
url:	http://www.osvdb.org/20538	Trust: 1.7
url:	http://www.osvdb.org/20539	Trust: 1.7
url:	http://www.osvdb.org/20540	Trust: 1.7
url:	http://www.osvdb.org/20541	Trust: 1.7
url:	http://www.osvdb.org/20542	Trust: 1.7
url:	http://www.osvdb.org/20543	Trust: 1.7
url:	http://www.osvdb.org/20544	Trust: 1.7
url:	http://www.osvdb.org/20545	Trust: 1.7
url:	http://www.osvdb.org/20546	Trust: 1.7
url:	http://www.osvdb.org/20547	Trust: 1.7
url:	http://www.osvdb.org/20548	Trust: 1.7
url:	http://www.osvdb.org/20549	Trust: 1.7
url:	http://www.osvdb.org/20550	Trust: 1.7
url:	http://www.osvdb.org/20551	Trust: 1.7
url:	http://www.osvdb.org/20552	Trust: 1.7
url:	http://securitytracker.com/id?1015159	Trust: 1.7
url:	http://securitytracker.com/id?1015160	Trust: 1.7
url:	http://secunia.com/advisories/17467	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2005/2331	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/22966	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/22966	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2005/2331	Trust: 0.6
url:	https://europe.f-secure.com/products/anti-virus/linux/	Trust: 0.3
url:	https://europe.f-secure.com/products/fsigkl/	Trust: 0.3
url:	http://secunia.com/product/6055/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://www.f-secure.com/webclub/	Trust: 0.1
url:	http://www.f-secure.co.jp/download/	Trust: 0.1
url:	http://secunia.com/advisories/17467/	Trust: 0.1
url:	http://secunia.com/product/4635/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-14755 // BID: 15339 // PACKETSTORM: 41316 // CNNVD: CNNVD-200511-172 // NVD: CVE-2005-3546

CREDITS

Tigerteam.se Security reported this issue to the vendor.

Trust: 0.9

sources: BID: 15339 // CNNVD: CNNVD-200511-172

SOURCES

db:	VULHUB	id:	VHN-14755
db:	BID	id:	15339
db:	PACKETSTORM	id:	41316
db:	CNNVD	id:	CNNVD-200511-172
db:	NVD	id:	CVE-2005-3546

LAST UPDATE DATE

2024-08-14T15:40:51.711000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-14755	date:	2017-07-11T00:00:00
db:	BID	id:	15339	date:	2007-02-20T21:26:00
db:	CNNVD	id:	CNNVD-200511-172	date:	2005-11-16T00:00:00
db:	NVD	id:	CVE-2005-3546	date:	2017-07-11T01:33:13.377

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-14755	date:	2005-11-16T00:00:00
db:	BID	id:	15339	date:	2005-11-07T00:00:00
db:	PACKETSTORM	id:	41316	date:	2005-11-07T18:01:33
db:	CNNVD	id:	CNNVD-200511-172	date:	2005-11-16T00:00:00
db:	NVD	id:	CVE-2005-3546	date:	2005-11-16T07:42:00