Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5829

Overview

Vulnerability Score 6.0 6.0
CVE Id CVE-2007-5829
Last Modified 13 Jul 2011 12:00:00
Published 05 Nov 2007 02:46:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity HIGH
Authentication SINGLE_INSTANCE

CVE-2007-5829

Summary

The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and 10.x, Norton AntiVirus for Macintosh 10.0 and 10.1, and Norton Internet Security for Macintosh 3.x, uses a directory with weak permissions (group writable), which allows local admin users to gain root privileges by replacing unspecified files, which are executed when a user with physical access inserts a disk and the "Show Progress During Mount Scans" option is enabled.

Vulnerable Systems

Application

  • Symantec Norton Antivirus 10.0

  • Symantec Norton Antivirus 10.1

  • Symantec Norton Antivirus 9.0

  • Symantec Norton Antivirus 9.0.1

  • Symantec Norton Antivirus 9.0.2

  • Symantec Norton Antivirus 9.0.3

  • Symantec Norton Internet Security 3.0


References

XF - symantec-av-mac-privilege-escalation(38229)

VUPEN - ADV-2007-3698

BID - 26253

SECTRACK - 1018890

SECTRACK - 1018889

CONFIRM - http://securityresponse.symantec.com/avcenter/security/Content/2007.11.02.html

SECUNIA - 27488

OSVDB - 40864


Last Updated: 27 May 2016 10:46:18