NOD32 "Restore to" file upload
| nod32-restoreto-file-upload (25640) |  Medium Risk |
Description:
NOD32 could allow a local attacker to upload files to an arbitrary directory caused by a vulnerability in the 'Restore to' feature. The 'Restore to' feature retains SYSTEM privileges allowing a local attacker to write a file to an arbitrary directory on the system with elevated privileges.
Consequences:
File Manipulation
Remedy:
Upgrade to the latest version of NOD32 (2.51.26 or later), available from the NOD32 Download Web page. See References.
References:
- Full-Disclosure Mailing List, Tue Apr 04 2006 - 13:21:41 CDT: NOD32 local privilege escalation vulnerability.
- NOD32 Download Web page: Download the NOD32 Antivirus System.
- BID-17374: Eset Software NOD32 Antivirus Local Arbitrary File Creation Vulnerability
- CVE-2006-1649: The restore to selection in the quarantine a file capability of ESET NOD32 before 2.51.26 allows a restore to any directory that permits read access by the invoking user, which allows local users to create new files despite write-access directory permissions.
- OSVDB ID: 24393: NOD32 Restore To Feature Arbitrary File Write
- SA19054: NOD32 Privilege Escalation Vulnerabilities
- SECTRACK ID: 1015867: NOD32 Quarantine Function Lets Local Users Gain Elevated Privileges
- VUPEN/ADV-2006-1242: NOD32 Scheduler and File Restoration Local Privilege Escalation Vulnerabilities
Platforms Affected:
- ESET NOD32 Antivirus 2.5
Reported:
Apr 05, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net