Symantec LiveUpdate execution path environment privilege escalation
| liveupdate-exepath-env-privilege-escalation (25839) |  Medium Risk |
Description:
Symantec LiveUpdate for Macintosh could allow a local attacker to gain elevated privileges on the system, caused by a failure to set the execution path environment by certain components. A local attacker could exploit this vulnerability to execute malicious programs on the system with System Administrative privileges.
Note: This vulnerability also affects Norton AntiVirus, Symantec Antivirus, Norton Personal Firewall, Norton Internet Security, Norton Utilities, and Norton SystemWorks for Macintosh, which all use an affected version of LiveUpdate.
Consequences:
Gain Privileges
Remedy:
Install the patch for this vulnerability, available through Symantec LiveUpdate. Refer to Symantec Security Advisory SYM06-007 for more information. See References.
References:
- Symantec Security Advisory SYM06-007 : Symantec LiveUpdate for Macintosh Local Privilege Escalation .
- BID-17571: Symantec LiveUpdate for Macintosh Local Privilege Escalation Vulnerability
- CVE-2006-1836: Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program.
- SECTRACK ID: 1015953: Symantec LiveUpdate for Macintosh Missing Path Specification Lets Local Users Gain Elevated Privileges
- VUPEN/ADV-2006-1386: Symantec LiveUpdate for Macintosh Local Privilege Escalation Vulnerability
Platforms Affected:
- Symantec AntiVirus 10.0 Macintosh
- Symantec LiveUpdate 3.0 Macintosh
- Symantec LiveUpdate 3.0.1 Macintosh
- Symantec LiveUpdate 3.0.2 Macintosh
- Symantec LiveUpdate 3.0.3 Macintosh
- Symantec LiveUpdate 3.5
- Symantec Norton AntiVirus 10.0.0 Macintosh
- Symantec Norton AntiVirus 10.0.1 Macintosh
- Symantec Norton AntiVirus 10.9.1 Macintosh
- Symantec Norton AntiVirus 9.0.0 Macintosh
- Symantec Norton AntiVirus 9.0.1 Macintosh
- Symantec Norton AntiVirus 9.0.2 Macintosh
- Symantec Norton AntiVirus 9.0.3 Macintosh
- Symantec Norton Internet Security 3.0 Macintosh
- Symantec Norton Personal Firewall 3.0 Macintosh
- Symantec Norton Personal Firewall 3.1 Macintosh
- Symantec Norton System Works 3.0 Macintosh
- Symantec Norton Utilities 8.0 Macintosh
Reported:
Apr 17, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net