F-Secure scripts allow root privileges
fsecure-scripts-root-privileges (22966)
Description:
F-Secure Anti-Virus Internet Gatekeeper for Linux and F-Secure Anti-Virus Linux Gateway could allow a local attacker to obtain root privileges. Scripts are installed with the SUID bit set and with world-executable permissions, including /opt/f-secure/fsigk/cgi/*suid.cgi and /home/virusgw/cgi/*suid.cgi. A local attacker can exploit this vulnerability to obtain elevated privileges, including root.
Consequences:
Gain Privileges
Remedy:
For F-Secure Internet Gatekeeper for Linux:
Upgrade to the latest build (2.15.484), available to existing customers from the F-Secure Web Club Web site. See References.
For F-Secure Anti-Virus Linux Gateway:
Upgrade to the latest build (2.16), available to existing customers from the F-Secure Web Club Web site. See References.
— OR —
Run the commands as listed in F-Secure Security Bulletin FSC-2005-3. See References.
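To confirm whether a host is still in the state described above, the following added example (not taken from F-Secure's bulletin or from this database) lists *suid.cgi files that carry both the SUID bit and the world-execute bit. The two default directories are the paths named in the Description; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code): audit for the permission state the
# advisory describes. The default directories are the two install paths
# named in the advisory.
DEFAULT_DIRS="/opt/f-secure/fsigk/cgi /home/virusgw/cgi"

# list_suid_world_exec DIR...   (hypothetical helper name)
# Prints each regular file named *suid.cgi that has BOTH the set-user-ID
# bit (4000) and the other-execute bit (0001). "-perm -4001" matches only
# when all of those bits are set, so a SUID script that is restricted to
# owner/group (for example mode 4750) is not reported.
list_suid_world_exec() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue   # product not installed at this path
        find "$dir" -type f -name '*suid.cgi' -perm -4001 -print
    done | sort
}

# audit_suid_cgi DIR...   (hypothetical helper name)
# Returns 1 and prints a long listing when exposed files exist, else 0.
# The owner column of the listing shows the account the script runs as.
audit_suid_cgi() {
    hits=$(list_suid_world_exec "$@")
    if [ -n "$hits" ]; then
        echo "EXPOSED: SUID and world-executable:"
        echo "$hits" | while IFS= read -r f; do ls -ld -- "$f"; done
        return 1
    fi
    echo "OK: no SUID world-executable *suid.cgi files found"
    return 0
}

# Check the advisory's default locations; missing directories are skipped.
audit_suid_cgi $DEFAULT_DIRS || true
```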
References:
- F-Secure Security Bulletin FSC-2005-3: Local root vulnerability in F-Secure Internet Gatekeeper for Linux and F-Secure Anti-Virus Linux Gateway.
- F-Secure Web Club Web site: F-Secure Web Club - exclusive for our existing customers.
- BID-15339: F-Secure Anti-Virus Gatekeeper and Gateway for Linux Local Privilege Escalation Vulnerability
- CVE-2005-3546: suid.cgi scripts in F-Secure (1) Internet Gatekeeper for Linux before 2.15.484 and (2) Anti-Virus Linux Gateway before 2.16 are installed SUID with world-executable permissions, which allows local users to gain privilege.
- OSVDB ID: 20513: F-Secure Anti-Virus Internet Gatekeeper/Linux Gateway ifconfig_suid.cgi Local Privilege Escalation
- OSVDB ID: 20537: F-Secure Anti-Virus Internet Gatekeeper/Linux Gateway reboot_suid.cgi Local Privilege Escalation
- OSVDB ID: 20538: F-Secure Anti-Virus Internet Gatekeeper/Linux Gateway proxy_suid.cgi Local Privilege Escalation
- OSVDB ID: 20539: F-Secure Anti-Virus Internet Gatekeeper/Linux Gateway edittmpl_suid.cgi Local Privilege Escalation
- OSVDB ID: 20540: F-Secure Anti-Virus Internet Gatekeeper/Linux Gateway version_suid.cgi Local Privilege Escalation
- OSVDB ID: 20541: F-Secure Anti-Virus Internet Gatekeeper/Linux Gateway hostname_suid.cgi Local Privilege Escalation
- OSVDB ID: 20542: F-Secure Anti-Virus Internet Gatekeeper/Linux Gateway gateway_suid.cgi Local Privilege Escalation
- OSVDB ID: 20543: F-Secure Anti-Virus Internet Gatekeeper/Linux Gateway halt_suid.cgi Local Privilege Escalation
- OSVDB ID: 20544: F-Secure Anti-Virus Internet Gatekeeper/Linux Gateway edituserdb_suid.cgi Local Privilege Escalation
- OSVDB ID: 20545: F-Secure Anti-Virus Internet Gatekeeper/Linux Gateway htpasswd_suid.cgi Local Privilege Escalation
- OSVDB ID: 20546: F-Secure Anti-Virus Internet Gatekeeper/Linux Gateway pattern_up_suid.cgi Local Privilege Escalation
- OSVDB ID: 20547: F-Secure Anti-Virus Internet Gatekeeper/Linux Gateway license_suid.cgi Local Privilege Escalation
- OSVDB ID: 20548: F-Secure Anti-Virus Internet Gatekeeper/Linux Gateway iptables_suid.cgi Local Privilege Escalation
- OSVDB ID: 20549: F-Secure Anti-Virus Internet Gatekeeper/Linux Gateway dns_suid.cgi Local Privilege Escalation
- OSVDB ID: 20550: F-Secure Anti-Virus Internet Gatekeeper/Linux Gateway pattern_autoup_suid.cgi Local Privilege Escalation
- OSVDB ID: 20551: F-Secure Anti-Virus Internet Gatekeeper/Linux Gateway spam_list_suid.cgi Local Privilege Escalation
- OSVDB ID: 20552: F-Secure Anti-Virus Internet Gatekeeper/Linux Gateway diag_suid.cgi Local Privilege Escalation
- SA17467: F-Secure Anti-Virus Internet Gatekeeper/Linux Gateway Privilege Escalation
- SECTRACK ID: 1015159: F-Secure Anti-Virus Linux Gateway CGI Scripts Let Local Users Obtain Root Privileges
- SECTRACK ID: 1015160: F-Secure Internet Gatekeeper CGI Scripts Let Local Users Obtain Root Privileges
- VUPEN/ADV-2005-2331: F-Secure Anti-Virus for Linux Local Privilege Escalation Vulnerability
Platforms Affected:
- F-Secure Anti-Virus Linux Gateway prior to 2.16
- F-Secure Internet Gatekeeper for Linux prior to 2.15.484
Reported:
Nov 07, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
