Details of VAR-200711-0405

ID

VAR-200711-0405

CVE

CVE-2007-5829

TITLE

Macintosh For Symantec AntiVirus Of products such as Disk Mount In the scanner root Privileged vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2007-006298

DESCRIPTION

The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and 10.x, Norton AntiVirus for Macintosh 10.0 and 10.1, and Norton Internet Security for Macintosh 3.x, uses a directory with weak permissions (group writable), which allows local admin users to gain root privileges by replacing unspecified files, which are executed when a user with physical access inserts a disk and the "Show Progress During Mount Scans" option is enabled. Symantec AntiVirus for Macintosh is prone to a local privilege-escalation vulnerability. This issue occurs in the Mount Scan feature. An attacker with group 'admin' privileges can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. The weakness is caused due to insecure permissions on the "/Library/Application Support" folder. replacing a certain application within the affected folder or tricking the Disk Mount scanner into launching an arbitrary executable by renaming folders. Successful exploitation requires membership of the "admin" group and that "mount scanning" is enabled and configured to show the progress. Linux and Windows versions are not affected. SOLUTION: The vendor recommends to disable "Show Progress During Mount Scans" and to set the sticky bit for the folder "Library/Application Support" (see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: The vendor credits William Carrel. ORIGINAL ADVISORY: http://securityresponse.symantec.com/avcenter/security/Content/2007.11.02.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-5829 // JVNDB: JVNDB-2007-006298 // BID: 26253 // VULHUB: VHN-29191 // PACKETSTORM: 60672

AFFECTED PRODUCTS

vendor:	symantec	model:	norton antivirus	scope:	eq	version:	9.0.3	Trust: 1.6
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	9.0	Trust: 1.6
vendor:	symantec	model:	norton internet security	scope:	eq	version:	3.0	Trust: 1.6
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	9.0.1	Trust: 1.6
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	10.1	Trust: 1.6
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	10.0	Trust: 1.6
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	9.0.2	Trust: 1.6
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	10.0 and 10.1	Trust: 0.8
vendor:	symantec	model:	norton internet security	scope:	eq	version:	3.x	Trust: 0.8
vendor:	symantec	model:	norton antivirus for macintosh	scope:	eq	version:	9.0	Trust: 0.3
vendor:	symantec	model:	norton antivirus for macintosh	scope:	eq	version:	10.0	Trust: 0.3
vendor:	symantec	model:	internet security for macintosh	scope:	eq	version:	3.0	Trust: 0.3
vendor:	symantec	model:	antivirus for macintosh	scope:	eq	version:	10.1	Trust: 0.3
vendor:	symantec	model:	antivirus for macintosh	scope:	eq	version:	10.0	Trust: 0.3
vendor:	symantec	model:	norton antivirus for macintosh	scope:	ne	version:	11.0	Trust: 0.3
vendor:	symantec	model:	antivirus for macintosh	scope:	ne	version:	10.2	Trust: 0.3

sources: BID: 26253 // JVNDB: JVNDB-2007-006298 // CNNVD: CNNVD-200711-054 // NVD: CVE-2007-5829

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-5829
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2007-5829
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200711-054
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-29191
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2007-5829
severity:	MEDIUM
baseScore:	6.0
vectorString:	AV:L/AC:H/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-29191
severity:	MEDIUM
baseScore:	6.0
vectorString:	AV:L/AC:H/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-29191 // JVNDB: JVNDB-2007-006298 // CNNVD: CNNVD-200711-054 // NVD: CVE-2007-5829

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-29191 // JVNDB: JVNDB-2007-006298 // NVD: CVE-2007-5829

THREAT TYPE

local

Trust: 1.0

sources: BID: 26253 // PACKETSTORM: 60672 // CNNVD: CNNVD-200711-054

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-200711-054

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-006298

PATCH

title:

SYM07-028

url:

http://securityresponse.symantec.com/avcenter/security/Content/2007.11.02.html

Trust: 0.8

sources: JVNDB: JVNDB-2007-006298

EXTERNAL IDS

db:	NVD	id:	CVE-2007-5829	Trust: 2.8
db:	BID	id:	26253	Trust: 2.0
db:	SECUNIA	id:	27488	Trust: 1.8
db:	SECTRACK	id:	1018890	Trust: 1.7
db:	SECTRACK	id:	1018889	Trust: 1.7
db:	VUPEN	id:	ADV-2007-3698	Trust: 1.7
db:	OSVDB	id:	40864	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-006298	Trust: 0.8
db:	XF	id:	38229	Trust: 0.6
db:	CNNVD	id:	CNNVD-200711-054	Trust: 0.6
db:	VULHUB	id:	VHN-29191	Trust: 0.1
db:	PACKETSTORM	id:	60672	Trust: 0.1

sources: VULHUB: VHN-29191 // BID: 26253 // JVNDB: JVNDB-2007-006298 // PACKETSTORM: 60672 // CNNVD: CNNVD-200711-054 // NVD: CVE-2007-5829

REFERENCES

url:	http://securityresponse.symantec.com/avcenter/security/content/2007.11.02.html	Trust: 1.8
url:	http://www.securityfocus.com/bid/26253	Trust: 1.7
url:	http://osvdb.org/40864	Trust: 1.7
url:	http://securitytracker.com/id?1018889	Trust: 1.7
url:	http://securitytracker.com/id?1018890	Trust: 1.7
url:	http://secunia.com/advisories/27488	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2007/3698	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/38229	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5829	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5829	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/38229	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2007/3698	Trust: 0.6
url:	http://www.symantec.com/norton/products/overview.jsp?pcid=ma&pvid=nav10mac	Trust: 0.3
url:	http://blog.carrel.org/2007/11/security-advisory-norton-antivirus-for.html	Trust: 0.3
url:	http://www.symantec.com/avcenter/security/content/2007.11.02.html	Trust: 0.3
url:	http://service1.symantec.com/support/num.nsf/docid/2008022610250611	Trust: 0.3
url:	http://service1.symantec.com/support/ent-security.nsf/docid/2008021511052348	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/5951/	Trust: 0.1
url:	http://secunia.com/product/14768/	Trust: 0.1
url:	http://secunia.com/advisories/27488/	Trust: 0.1
url:	http://secunia.com/product/5949/	Trust: 0.1
url:	http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/product/5948/	Trust: 0.1

sources: VULHUB: VHN-29191 // BID: 26253 // JVNDB: JVNDB-2007-006298 // PACKETSTORM: 60672 // CNNVD: CNNVD-200711-054 // NVD: CVE-2007-5829

CREDITS

William Carrel is credited with discovering this vulnerability.

Trust: 0.9

sources: BID: 26253 // CNNVD: CNNVD-200711-054

SOURCES

db:	VULHUB	id:	VHN-29191
db:	BID	id:	26253
db:	JVNDB	id:	JVNDB-2007-006298
db:	PACKETSTORM	id:	60672
db:	CNNVD	id:	CNNVD-200711-054
db:	NVD	id:	CVE-2007-5829

LAST UPDATE DATE

2024-11-23T22:50:13.190000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-29191	date:	2017-07-29T00:00:00
db:	BID	id:	26253	date:	2008-02-28T16:12:00
db:	JVNDB	id:	JVNDB-2007-006298	date:	2012-12-20T00:00:00
db:	CNNVD	id:	CNNVD-200711-054	date:	2007-11-07T00:00:00
db:	NVD	id:	CVE-2007-5829	date:	2024-11-21T00:38:47.543

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-29191	date:	2007-11-05T00:00:00
db:	BID	id:	26253	date:	2007-11-01T00:00:00
db:	JVNDB	id:	JVNDB-2007-006298	date:	2012-12-20T00:00:00
db:	PACKETSTORM	id:	60672	date:	2007-11-05T16:03:55
db:	CNNVD	id:	CNNVD-200711-054	date:	2007-11-05T00:00:00
db:	NVD	id:	CVE-2007-5829	date:	2007-11-05T19:46:00