Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1836

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2006-1836
Last Modified 07 Mar 2011 09:34:23
Published 19 Apr 2006 12:06:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2006-1836

Summary

Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program.

Vulnerable Systems

Application

  • Symantec Liveupdate 3.0

  • Symantec Liveupdate 3.0.1

  • Symantec Liveupdate 3.0.2

  • Symantec Liveupdate 3.0.3

  • Symantec Liveupdate 3.5

  • Symantec Norton Antivirus 10.0

  • Symantec Norton Antivirus 10.0.0

  • Symantec Norton Antivirus 10.0.1

  • Symantec Norton Antivirus 10.9.1

  • Symantec Norton Antivirus 9.0.0

  • Symantec Norton Antivirus 9.0.1

  • Symantec Norton Antivirus 9.0.2

  • Symantec Norton Antivirus 9.0.3

  • Symantec Norton Internet Security 3.0

  • Symantec Norton Personal Firewall 3.0

  • Symantec Norton Personal Firewall 3.1

  • Symantec Norton System Works 3.0

  • Symantec Norton Utilities 8.0


References

CONFIRM - http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html

VUPEN - ADV-2006-1386

BID - 17571

BUGTRAQ - 20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation

SECTRACK - 1015953

SECUNIA - 19682

XF - liveupdate-exepath-env-privilege-escalation(25839)

SREASON - 100


Last Updated: 27 May 2016 10:42:14