F-Secure Anti-Virus Linux Gateway CGI Scripts Let Local Users Obtain Root Privileges
|
|
SecurityTracker Alert ID: 1015159 |
|
SecurityTracker URL: http://securitytracker.com/id/1015159
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Nov 7 2005
|
Impact:
Root access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 2.16
|
Description:
A vulnerability was reported in F-Secure Anti-Virus Linux Gateway. A local user can obtain root privileges.
A local user can invoke certain CGI scripts that have world-executable permissions and set user id (setuid) permissions to obtain root privileges.
The scripts are installed in the '/home/virusgw/cgi/' directory.
|
Impact:
A local user can obtain root privileges.
|
Solution:
The vendor has issued a fixed version (2.16), available at:
http://www.f-secure.co.jp/download/
|
Vendor URL: www.f-secure.com/security/fsc-2005-3.shtml (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Linux (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 7 Nov 2005 07:44:09 -0500
Subject: Local root vulnerability in F-Secure Internet Gatekeeper for Linux and F-Secure Anti-Virus Linux Gateway
|
http://www.f-secure.com/security/fsc-2005-3.shtml
|
|
