Symantec LiveUpdate for Macintosh Local Privilege Escalation

Symantec LiveUpdate for Macintosh Local Privilege Escalation

SYMSA1091 April 17th, 2006 https://www.symantec.com/docs/SYMSA1091
Support / Symantec LiveUpdate for Macintosh Local Privilege Escalation
Was this article helpful?

Thank you for your feedback!

Provide feedback on this article

Thank you for your feedback!
Print Article
Related Products
Subscribe to this Article
Manage your Subscriptions
Search Again
Security Advisory ID SYMSA1091

Initial Publication Date:
Advisory Status:
Advisory Severity:
Legacy ID

17 Apr 2006
Closed
Medium

SYM06-007

Summary

Some components of Symantec's LiveUpdate for Macintosh do not set their execution path environment

Risk Impact
Medium

Remote Access

No

Local Access

Yes

Authentication Required

Yes

Exploit publicly available

No

 

Affected Products

Product

Version

Build

Language

Solution(s)

LiveUpdate for Macintosh

3.0.0

All

All

Live Update Patch

3.0.1

All

All

3.0.2

All

All

3.0.3

5

English

3.0.3

11

All

3.0.3

15

All

3.5.0

47

All

3.5.0

48

All

Norton AntiVirus

9.0.x

All

All

Norton AntiVirus

10.x

All

All

Symantec AntiVirus

10.x

All

All

Norton Personal Firewall

3.0.x

All

All

Norton Personal Firewall

3.1.0

All

All

Norton Internet Security

3.0.x

All

All

Norton Utilities

8.0.x

All

All

Norton SystemWorks

3.0.x

All

All

 

Issues

A non-privileged user can change their execution path environment. If the user then executes one of these components, it will inherit the changed environment and use it to locate system commands. These components are configured to run with System Administrative privileges (SUID) and are vulnerable to a potential Trojan horse attack.

Mitigation

Symantec Response
A patch has been created and made available for all affected versions of the product through Symantec LiveUpdate.

To perform a manual update using Symantec LiveUpdate, users should:

  • Open any installed Symantec product
  • Click on LiveUpdate in the toolbar
  • Run LiveUpdate until all available Symantec product updates are downloaded and installed

Symantec is not aware of any active attempts against or customers impacted by this issue.

As a part of normal best practices, users should keep vendor-supplied patches for all application software and operating systems up-to-date. Symantec strongly recommends any affected customers update their product immediately to protect against these types of threats.

Acknowledgements

Symantec thanks DigitalMunition.com working with iDefense, for notifying Symantec of this issue

Legacy ID

SYM06-007

Terms of use for this information are found in Legal Notices.

Translated Content

This is machine translated content

Didn't find the article you were looking for? Try these resources.

Supported Products A-Z

Get support for your product, with downloads, knowledge base articles, documentation, and more.

Education Services

Maximize your product competency and validate technical knowledge to gain the most benefit from your IT investments.

Submit a Threat

Submit a suspected infected file to Symantec.

Submit a False Positive

Report a suspected erroneous detection (false positive).

Need Help with Endpoint Protection?

Set default language

Do you wish to save this as your future site?