var-200510-0260
Vulnerability from variot
Untrusted search path vulnerability in DiskMountNotify for Symantec Norton AntiVirus 9.0.3 allows local users to gain privileges by modifying the PATH to reference a malicious (1) ps or (2) grep file.
TITLE: Symantec Norton AntiVirus / LiveUpdate for Macintosh Privilege Escalation
SECUNIA ADVISORY ID: SA17268
VERIFY ADVISORY: http://secunia.com/advisories/17268/
CRITICAL: Less critical
IMPACT: Privilege escalation
WHERE: Local system
SOFTWARE: Symantec Norton Utilities for Macintosh 8.x http://secunia.com/product/5953/ Symantec LiveUpdate for Macintosh 3.x http://secunia.com/product/5954/ Symantec Norton AntiVirus for Macintosh 10.x http://secunia.com/product/5949/ Symantec Norton AntiVirus for Macintosh 9.x http://secunia.com/product/5948/ Symantec Norton Internet Security for Macintosh 3.x http://secunia.com/product/5951/ Symantec Norton Personal Firewall for Macintosh 3.x http://secunia.com/product/5950/ Symantec Norton SystemWorks for Macintosh 3.x http://secunia.com/product/5952/
DESCRIPTION: Some vulnerabilities have been reported in Symantec Norton AntiVirus for Macintosh and Symantec LiveUpdate for Macintosh, which can be exploited by malicious, local users to gain escalated privileges.
1) The suid "DiskMountNotify" component of Symantec Norton AntiVirus for Macintosh fails to set its execution path environment. This may be exploited by malicious users to execute arbitrary commands with System Administrative privileges by modifying the execution path that the component uses to locate system commands.
The vulnerability has been reported in the following versions : * version 9.0.0, 9.0.1 * version 9.0.2 (English, Japanese) * version 9.0.2 Build 5 (French, German, Italian) * version 9.0.3 (English, Japanese) * version 10.0.0, 10.0.1
2) The LiveUpdate component uses a suid command-line application to interface with the Java interpreter. This can be exploited by malicious users to execute arbitrary Java code with System Administrative privileges using the interface application.
The vulnerability has been reported in the following products: * LiveUpdate for Macintosh versions 3.0.0, 3.0.1 and 3.0.2 * LiveUpdate for Macintosh version 3.0.3 Build 5 (English) * LiveUpdate for Macintosh version 3.0.3 Build 11, 3.5.0 Build 47 * Norton AntiVirus 9.0.x, 10.0.0, 10.0.1 * Norton Personal Firewall 3.0.x, 3.1.0 * Norton Internet Security 3.0.x * Norton Utilities 8.0.x * Norton SystemWorks 3.0.x
SOLUTION: Update to the latest version via Live Update.
PROVIDED AND/OR DISCOVERED BY: The vendor credits iDEFENSE.
ORIGINAL ADVISORY: http://securityresponse.symantec.com/avcenter/security/Content/2005.10.19.html http://securityresponse.symantec.com/avcenter/security/Content/2005.10.19a.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200510-0260",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "norton antivirus",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "9.0.3"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200510-155"
},
{
"db": "NVD",
"id": "CVE-2005-3270"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovery is credited to DigitalMunition.com.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200510-155"
}
],
"trust": 0.6
},
"cve": "CVE-2005-3270",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2005-3270",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-14479",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2005-3270",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200510-155",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-14479",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14479"
},
{
"db": "CNNVD",
"id": "CNNVD-200510-155"
},
{
"db": "NVD",
"id": "CVE-2005-3270"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Untrusted search path vulnerability in DiskMountNotify for Symantec Norton AntiVirus 9.0.3 allows local users to gain privileges by modifying the PATH to reference a malicious (1) ps or (2) grep file. \n\nTITLE:\nSymantec Norton AntiVirus / LiveUpdate for Macintosh Privilege\nEscalation\n\nSECUNIA ADVISORY ID:\nSA17268\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/17268/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nPrivilege escalation\n\nWHERE:\nLocal system\n\nSOFTWARE:\nSymantec Norton Utilities for Macintosh 8.x\nhttp://secunia.com/product/5953/\nSymantec LiveUpdate for Macintosh 3.x\nhttp://secunia.com/product/5954/\nSymantec Norton AntiVirus for Macintosh 10.x\nhttp://secunia.com/product/5949/\nSymantec Norton AntiVirus for Macintosh 9.x\nhttp://secunia.com/product/5948/\nSymantec Norton Internet Security for Macintosh 3.x\nhttp://secunia.com/product/5951/\nSymantec Norton Personal Firewall for Macintosh 3.x\nhttp://secunia.com/product/5950/\nSymantec Norton SystemWorks for Macintosh 3.x\nhttp://secunia.com/product/5952/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Symantec Norton AntiVirus\nfor Macintosh and Symantec LiveUpdate for Macintosh, which can be\nexploited by malicious, local users to gain escalated privileges. \n\n1) The suid \"DiskMountNotify\" component of Symantec Norton AntiVirus\nfor Macintosh fails to set its execution path environment. This may\nbe exploited by malicious users to execute arbitrary commands with\nSystem Administrative privileges by modifying the execution path that\nthe component uses to locate system commands. \n\nThe vulnerability has been reported in the following versions :\n* version 9.0.0, 9.0.1\n* version 9.0.2 (English, Japanese)\n* version 9.0.2\tBuild 5\t(French, German, Italian)\n* version 9.0.3\t(English, Japanese)\n* version 10.0.0, 10.0.1\n\n2) The LiveUpdate component uses a suid command-line application to\ninterface with the Java interpreter. This can be exploited by\nmalicious users to execute arbitrary Java code with System\nAdministrative privileges using the interface application. \n\nThe vulnerability has been reported in the following products:\n* LiveUpdate for Macintosh versions 3.0.0, 3.0.1 and 3.0.2\n* LiveUpdate for Macintosh version 3.0.3 Build 5 (English)\n* LiveUpdate for Macintosh version 3.0.3 Build 11, 3.5.0 Build 47\n* Norton AntiVirus 9.0.x, 10.0.0, 10.0.1\n* Norton Personal Firewall 3.0.x, 3.1.0\n* Norton Internet Security 3.0.x\n* Norton Utilities 8.0.x\n* Norton SystemWorks 3.0.x\n\nSOLUTION:\nUpdate to the latest version via Live Update. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits iDEFENSE. \n\nORIGINAL ADVISORY:\nhttp://securityresponse.symantec.com/avcenter/security/Content/2005.10.19.html\nhttp://securityresponse.symantec.com/avcenter/security/Content/2005.10.19a.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-3270"
},
{
"db": "VULHUB",
"id": "VHN-14479"
},
{
"db": "PACKETSTORM",
"id": "40811"
}
],
"trust": 1.08
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECUNIA",
"id": "17268",
"trust": 1.8
},
{
"db": "NVD",
"id": "CVE-2005-3270",
"trust": 1.7
},
{
"db": "BID",
"id": "15142",
"trust": 1.7
},
{
"db": "BID",
"id": "15143",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1015084",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200510-155",
"trust": 0.7
},
{
"db": "IDEFENSE",
"id": "20051020 SYMANTEC NORTON ANTIVIRUS DISKMOUNTNOTIFY LOCAL PRIVILEGE ESCALATION",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-14479",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "40811",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14479"
},
{
"db": "PACKETSTORM",
"id": "40811"
},
{
"db": "CNNVD",
"id": "CNNVD-200510-155"
},
{
"db": "NVD",
"id": "CVE-2005-3270"
}
]
},
"id": "VAR-200510-0260",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-14479"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:36:29.951000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-3270"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/15142"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/15143"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1015084"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/17268"
},
{
"trust": 1.6,
"url": "http://www.idefense.com/application/poi/display?id=325\u0026type=vulnerabilities"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/application/poi/display?id=325\u0026amp;type=vulnerabilities"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5953/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/17268/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5950/"
},
{
"trust": 0.1,
"url": "http://securityresponse.symantec.com/avcenter/security/content/2005.10.19a.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5951/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://securityresponse.symantec.com/avcenter/security/content/2005.10.19.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5954/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5952/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5949/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5948/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14479"
},
{
"db": "PACKETSTORM",
"id": "40811"
},
{
"db": "CNNVD",
"id": "CNNVD-200510-155"
},
{
"db": "NVD",
"id": "CVE-2005-3270"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-14479"
},
{
"db": "PACKETSTORM",
"id": "40811"
},
{
"db": "CNNVD",
"id": "CNNVD-200510-155"
},
{
"db": "NVD",
"id": "CVE-2005-3270"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-10-21T00:00:00",
"db": "VULHUB",
"id": "VHN-14479"
},
{
"date": "2005-10-21T17:57:17",
"db": "PACKETSTORM",
"id": "40811"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200510-155"
},
{
"date": "2005-10-21T01:02:00",
"db": "NVD",
"id": "CVE-2005-3270"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-14479"
},
{
"date": "2005-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200510-155"
},
{
"date": "2024-11-21T00:01:29.573000",
"db": "NVD",
"id": "CVE-2005-3270"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "PACKETSTORM",
"id": "40811"
},
{
"db": "CNNVD",
"id": "CNNVD-200510-155"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Symantec LiveUpdate for Macintosh Local privilege elevation vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200510-155"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200510-155"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…